Bug#1031231: marked as done (tries to overwrite /etc/cron.yearly/.placeholder from systemd-cron)
Your message dated Thu, 02 Mar 2023 07:49:17 + with message-id and subject line Bug#1031231: fixed in cron 3.0pl1-162 has caused the Debian Bug report #1031231, regarding tries to overwrite /etc/cron.yearly/.placeholder from systemd-cron to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1031231: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031231 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: cron-daemon-common Version: 3.0pl1-159 Severity: serious Hi, cron-daemon-common can't be upgraded if systemd-cron is also installed: Preparing to unpack .../cron-daemon-common_3.0pl1-159_all.deb ... Unpacking cron-daemon-common (3.0pl1-159) over (3.0pl1-156) ... dpkg: error processing archive /var/cache/apt/archives/cron-daemon-common_3.0pl1-159_all.deb (--unpack): trying to overwrite '/etc/cron.yearly/.placeholder', which is also in package systemd-cron 1.15.19-4 Errors were encountered while processing: /var/cache/apt/archives/cron-daemon-common_3.0pl1-159_all.deb E: Sub-process /usr/bin/dpkg returned an error code (1) AFAICS this hasn't been fixed in the already uploaded but not yet avaible 3.0pl1-160 --- End Message --- --- Begin Message --- Source: cron Source-Version: 3.0pl1-162 Done: Georges Khaznadar We believe that the bug you reported is fixed in the latest version of cron, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1031...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Georges Khaznadar (supplier of updated cron package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 02 Mar 2023 08:33:55 +0100 Source: cron Architecture: source Version: 3.0pl1-162 Distribution: unstable Urgency: medium Maintainer: Javier Fernández-Sanguino Peña Changed-By: Georges Khaznadar Closes: 1031231 Changes: cron (3.0pl1-162) unstable; urgency=medium . * moved "Breaks: systemd-cron(<<1.15.19-5~)" to the package cron-daemon-common. Closes: #1031231 Checksums-Sha1: e306d00022bdf4ab458c7943305ee8626cd2bc0b 2129 cron_3.0pl1-162.dsc 2426345218e36c5d2db4453f4f79ba26523f0ab6 115032 cron_3.0pl1-162.debian.tar.xz 3c38b65d5cc4c01eed3574983a44c0064d28da8b 6209 cron_3.0pl1-162_source.buildinfo Checksums-Sha256: 5258f1e5e13bc330b66019a631092dc517904214881bbb4a39bef252781a22cd 2129 cron_3.0pl1-162.dsc 72790571714030f0ba9acd98a14ad1cef835d3cc7056f013f67182adf1a83d3a 115032 cron_3.0pl1-162.debian.tar.xz 8618b9ac947b116627bd815340cbc5169d0aae0d9e45248aae3572c4bc95861f 6209 cron_3.0pl1-162_source.buildinfo Files: 8d34cb43d47c2219bfc86ca3398e86eb 2129 admin important cron_3.0pl1-162.dsc 192901ac6a8c01f495638c691bf2e0ec 115032 admin important cron_3.0pl1-162.debian.tar.xz 9ea654a39f0f552bf0e7e323e8be516d 6209 admin important cron_3.0pl1-162_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCAAyFiEEM0CzZP9nFT+3zK6FHCgWkHE2rjkFAmQAUaMUHGdlb3JnZXNr QGRlYmlhbi5vcmcACgkQHCgWkHE2rjkc0w//aAsvaMoI7cp+lbDuQDv/+0feykXf z/wNQTjhfert/ffKN2DLxdG6d0RyVOYoTvGX6f0nsL8SqZO0D6mWvDUqmpgPZ541 hqEKjLv3g1yn1yTKbgAxPTkWErXUP439JQHH79/854cx3HlGubfTfjbpshaecttp M4CDeqOXXl54byD8FRip6AXon9JGC9/1y4ZtfkKIdiS2iNG9XXgP1ltYu6QPajk0 GFEOoSfp4Tewrc8UvjmabXdyo0t4PlUxlCxSb7+j1N1JRtviZB473UjM4blwm7w5 P1aJJP6Ocn1zEBYDWJA61FATV9b3SQAT1bXnFe09NFvhdZF/8Eox6/zRiVBAff9h y3tMz00S4CY626+H8KUg0lUcskV7I8nM5OmxsAZiPo4s/Og4HUR844KbkH2fufnM OpYaFNjU73xabUae1I5i+4bV3FhpXzKhgsKKNvowjF5wnvv0yoxj3LJ1KYw0rOG5 BSbeOIMoixLO/sYDm968yMc/lnbglIiTAUKffwR5mC+sTxP3iBX/4NgGnbOqseb2 7Ty8ZpVJAM/xGBPTAHRaBtDBUV5W90UPTkS1lN/NO8AHn7iQG176Bi+q63vKSCg6 HajHJBf69+f2nBK21CHN3Vj+sgkX7qO++gnTdrsHrac82iWxs1zX4gfzhy+2pabU S5KTf0AfnlaWYTM= =p93F -END PGP SIGNATURE End Message ---
Bug#1024544: marked as done (fakeroot: FTBFS on mipsel blocking fix for #1023286)
Your message dated Thu, 02 Mar 2023 07:49:28 + with message-id and subject line Bug#1024544: fixed in fakeroot 1.31-1.1 has caused the Debian Bug report #1024544, regarding fakeroot: FTBFS on mipsel blocking fix for #1023286 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1024544: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024544 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: fakeroot Version: 1.29-1 Severity: serious X-Debbugs-Cc: ni...@thykier.net Hi, The fakeroot/1.30.1-1 FTBFS on mipsel (release arch) which blocks the fix for #1023286 from affecting mipsel binaries. The #1023286 also seems to be source of a lot of a dbgsym packages having the wrong ownership in them (see #1024261). With debhelper/13.11, the dbgsym packages will no longer be a problem but we risk that the bug leaks into regular debs as well (no one has tested for this). Thanks, ~Niels --- End Message --- --- Begin Message --- Source: fakeroot Source-Version: 1.31-1.1 Done: Shengjing Zhu We believe that the bug you reported is fixed in the latest version of fakeroot, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1024...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Shengjing Zhu (supplier of updated fakeroot package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 02 Mar 2023 14:44:38 +0800 Source: fakeroot Architecture: source Version: 1.31-1.1 Distribution: unstable Urgency: medium Maintainer: Clint Adams Changed-By: Shengjing Zhu Closes: 1024544 1030638 Changes: fakeroot (1.31-1.1) unstable; urgency=medium . * Non-maintainer upload . [ Johannes Schauer Marin Rodrigues ] * debian/changelog: fix my last name . [ Shengjing Zhu ] * Add patch to compile time64 wraps with -D_TIME_BITS=64 Closes: #1030638, #1024544 Checksums-Sha1: 99a51208a0d9d1836e65b75c60c2b31950f502f7 1338 fakeroot_1.31-1.1.dsc 784abbc9cc9b192d84c90f8d3cc6a18be919509a 25304 fakeroot_1.31-1.1.debian.tar.xz e292f8c22b4c9367865d0de67f0a569919e3ffc2 6392 fakeroot_1.31-1.1_amd64.buildinfo Checksums-Sha256: 9ff567619e21235bf354ff8a7f741ee29eaf1357e6854067337f5b177ec38341 1338 fakeroot_1.31-1.1.dsc fc277ac9ad0c565a05df6de994cfaf6b824cf4446934dd0b548ed7f20d4eed87 25304 fakeroot_1.31-1.1.debian.tar.xz 3f175bca673ab5c102481c095eaa265435a3bacdd7017cda56d9923f3203a7cf 6392 fakeroot_1.31-1.1_amd64.buildinfo Files: 878e9c5300bf54bf26af83c2c9faee07 1338 utils optional fakeroot_1.31-1.1.dsc 8df31f25e49f4b443e0d9b93e8d4734d 25304 utils optional fakeroot_1.31-1.1.debian.tar.xz 621125eb1bfda269e63d045adad0173a 6392 utils optional fakeroot_1.31-1.1_amd64.buildinfo -BEGIN PGP SIGNATURE- iHUEARYIAB0WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCZABSsAAKCRB/RPol6lUU y1rdAQCVuwbu+QJtHAEubMj1vP3bjBv2LMzSZ+ddRpnBYnxYXAEA0GpV65vFGIPQ bHsS3sn3pMGaAVV7zUfOxVb4Xi0pZAc= =w8w7 -END PGP SIGNATURE End Message ---
Bug#1030638: marked as done (cp -a fails to preserve ownership information on 32-bit arches)
Your message dated Thu, 02 Mar 2023 07:49:28 + with message-id and subject line Bug#1030638: fixed in fakeroot 1.31-1.1 has caused the Debian Bug report #1030638, regarding cp -a fails to preserve ownership information on 32-bit arches to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1030638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030638 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: fakeroot Version: 1.30.1-1.1 Severity: grave Control: affects -1 + mmdebstrap Hi, since glibc 2.34 and coreutils 9.1, fakeroot fails to preserve ownership information when running "cp -a" on a file owned by a user other than root. On armel, armhf and i386 (our 32 bit arches), you can reproduce this problem by running inside fakeroot: $ touch foo $ chown 0:42 foo $ ls -lha foo $ cp -a foo bar $ ls -lha bar" which will print this: -rw-r--r-- 1 root shadow 0 Feb 5 23:00 foo -rw-r--r-- 1 root root 0 Feb 5 23:00 bar I submitted an improvement to the `cp-a` test which adds a check for the ownership information in addition to the mode checks as a merge request for that test here: https://salsa.debian.org/clint/fakeroot/-/merge_requests/19 Observe how the salsaci pipeline succeds for amd64 but fails on i386. The reason is that on i386, fakeroot will not retain the ownership information. A quick comparison of the strace output on arm64 (which does not have this problem) and armhf (which does have this problem) shows that arm64 calls fchown() while armhf calls fchown32() which is not wrapped by fakeroot. Maybe that is the problem? This breaks my package mmdebstrap in a similar way as #1023286 did. Since I think that `cp -a` functionality is quite essential, I'm making this bug RC. Feel free to adjust accordingly. Thanks! cheers, josch --- End Message --- --- Begin Message --- Source: fakeroot Source-Version: 1.31-1.1 Done: Shengjing Zhu We believe that the bug you reported is fixed in the latest version of fakeroot, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1030...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Shengjing Zhu (supplier of updated fakeroot package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 02 Mar 2023 14:44:38 +0800 Source: fakeroot Architecture: source Version: 1.31-1.1 Distribution: unstable Urgency: medium Maintainer: Clint Adams Changed-By: Shengjing Zhu Closes: 1024544 1030638 Changes: fakeroot (1.31-1.1) unstable; urgency=medium . * Non-maintainer upload . [ Johannes Schauer Marin Rodrigues ] * debian/changelog: fix my last name . [ Shengjing Zhu ] * Add patch to compile time64 wraps with -D_TIME_BITS=64 Closes: #1030638, #1024544 Checksums-Sha1: 99a51208a0d9d1836e65b75c60c2b31950f502f7 1338 fakeroot_1.31-1.1.dsc 784abbc9cc9b192d84c90f8d3cc6a18be919509a 25304 fakeroot_1.31-1.1.debian.tar.xz e292f8c22b4c9367865d0de67f0a569919e3ffc2 6392 fakeroot_1.31-1.1_amd64.buildinfo Checksums-Sha256: 9ff567619e21235bf354ff8a7f741ee29eaf1357e6854067337f5b177ec38341 1338 fakeroot_1.31-1.1.dsc fc277ac9ad0c565a05df6de994cfaf6b824cf4446934dd0b548ed7f20d4eed87 25304 fakeroot_1.31-1.1.debian.tar.xz 3f175bca673ab5c102481c095eaa265435a3bacdd7017cda56d9923f3203a7cf 6392 fakeroot_1.31-1.1_amd64.buildinfo Files: 878e9c5300bf54bf26af83c2c9faee07 1338 utils optional fakeroot_1.31-1.1.dsc 8df31f25e49f4b443e0d9b93e8d4734d 25304 utils optional fakeroot_1.31-1.1.debian.tar.xz 621125eb1bfda269e63d045adad0173a 6392 utils optional fakeroot_1.31-1.1_amd64.buildinfo -BEGIN PGP SIGNATURE- iHUEARYIAB0WIQSRhdT1d2eu7mxV1B5/RPol6lUUywUCZABSsAAKCRB/RPol6lUU y1rdAQCVuwbu+QJtHAEubMj1vP3bjBv2LMzSZ+ddRpnBYnxYXAEA0GpV65vFGIPQ bHsS3sn3pMGaAVV7zUfOxVb4Xi0pZAc= =w8w7 -END PGP SIGNATURE End Message ---
Processed: your mail
Processing commands for cont...@bugs.debian.org:
> affects 1021165 src:gcc-13
Bug #1021165 {Done: Aurelien Jarno } [src:glibc] armhf:
floatn-common.h:214:9: error: multiple types in one declaration
Added indication that 1021165 affects src:gcc-13
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
1021165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021165
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed (with 1 error): your mail
Processing commands for cont...@bugs.debian.org:
> forcemerge 1021165 1022166
Bug #1021165 {Done: Aurelien Jarno } [src:glibc] armhf:
floatn-common.h:214:9: error: multiple types in one declaration
Bug #1022166 {Done: Aurelien Jarno } [src:glibc]
gcc-snapshot: Building GCC with it fails to configure
Severity set to 'grave' from 'normal'
Added indication that 1022166 affects src:highway,src:gcc-snapshot
Marked as fixed in versions glibc/2.36-7.
Bug #1022166 {Done: Aurelien Jarno } [src:glibc]
gcc-snapshot: Building GCC with it fails to configure
Ignoring request to alter fixed versions of bug #1022166 to the same values
previously set
Unable to complete merge on previous attempt; trying again (retry: 2)
Bug #1022166 {Done: Aurelien Jarno } [src:glibc]
gcc-snapshot: Building GCC with it fails to configure
Ignoring request to alter fixed versions of bug #1022166 to the same values
previously set
Unable to complete merge on previous attempt; trying again (retry: 3)
Bug #1022166 {Done: Aurelien Jarno } [src:glibc]
gcc-snapshot: Building GCC with it fails to configure
Ignoring request to alter fixed versions of bug #1022166 to the same values
previously set
After four attempts, the following changes were unable to be made:
fixed_versions of #1022166 is 'glibc/2.36-7' not '2.36-7'
Failed to forcibly merge 1021165: Unable to modify bugs so they could be merged.
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
1021165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021165
1022166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022166
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed (with 1 error): your mail
Processing commands for cont...@bugs.debian.org:
> merge 1021165 1022166
Bug #1021165 {Done: Aurelien Jarno } [src:glibc] armhf:
floatn-common.h:214:9: error: multiple types in one declaration
Unable to merge bugs because:
severity of #1022166 is 'normal' not 'grave'
affects of #1022166 is '' not 'src:highway,src:gcc-snapshot'
package of #1022166 is 'gcc-snapshot' not 'src:glibc'
Failed to merge 1021165: Did not alter merged bugs.
>
End of message, stopping processing here.
Please contact me if you need assistance.
--
1021165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021165
1022166: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1022166
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1027215: marked as done (theano: autopkgtest fail with numpy/1.24.1)
Your message dated Thu, 02 Mar 2023 06:50:50 + with message-id and subject line Bug#1027215: fixed in theano 1.1.2+dfsg-4 has caused the Debian Bug report #1027215, regarding theano: autopkgtest fail with numpy/1.24.1 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1027215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: theano Severity: important User: debian-pyt...@lists.debian.org Usertags: numpy1.24 Hello, recently numpy/1.24.1 has been uploaded to experimental, and this package autopkgtest fail when running against it. An overview of the upstream changes in the 1.24.x series is available at: https://numpy.org/doc/stable/release/1.24.0-notes.html Several of the errors are in the form of: AttributeError: module 'numpy' has no attribute 'X' with X in [float, int, bool, object, ...]. This is because, numpy upstream in 1.24.0, finally decided to expire https://numpy.org/doc/stable/release/1.24.0-notes.html#:~:text=The%20deprecation%20for%20the%20aliases some deprecations introduced in 1.20.0 https://numpy.org/doc/stable/release/1.20.0-notes.html#using-the-aliases-of-builtin-types-like-np-int-is-deprecated (released almost 2 years ago). All of those are quite straightforward to fix, since often it's just necessary to stop importing them from numpy and use the python native types. Other changes may requires a bit more rework to be addressed. Currently numpy/1.24.x is in experimental, but given the possible longer support that it'll receive from upstream, we're hopeful to include this in bookworm, so your help is necessary to address this bug ASAP. Regards, Sandro --- End Message --- --- Begin Message --- Source: theano Source-Version: 1.1.2+dfsg-4 Done: Andreas Tille We believe that the bug you reported is fixed in the latest version of theano, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1027...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Tille (supplier of updated theano package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 01 Mar 2023 13:41:49 +0100 Source: theano Architecture: source Version: 1.1.2+dfsg-4 Distribution: experimental Urgency: medium Maintainer: Debian Science Maintainers Changed-By: Andreas Tille Closes: 1026539 1027215 Changes: theano (1.1.2+dfsg-4) experimental; urgency=medium . * Team upload. * Fix for numpy 1.24 Closes: #1027215, #1026539, * Add Depends: python3-setuptools which is used in numpy 1.24 patch * Skip failing test * Do not make Salsa CI fail in case of warnings Checksums-Sha1: 20505852fc6bf2b337d180e19d929d56cfccd522 2828 theano_1.1.2+dfsg-4.dsc c88c79ba68dc8ff172a8dd4de04344e2a6550884 74468 theano_1.1.2+dfsg-4.debian.tar.xz f7bad496cf47050dfc58438f373555e56c8121f2 27517 theano_1.1.2+dfsg-4_source.buildinfo Checksums-Sha256: d391120fff67d6c83ac93c2331564603a2223a8bdd98f902c497233d297636a3 2828 theano_1.1.2+dfsg-4.dsc c97bb521b09c0fdf283930ebb584f6617a5ff43f875a5d7a9c1c90aa2e64 74468 theano_1.1.2+dfsg-4.debian.tar.xz 0b31c75ba27df23fdc79bdbede2eaa21350708945f698d637cd7a76938cfc750 27517 theano_1.1.2+dfsg-4_source.buildinfo Files: d04af675774acc262cf85948d3c5d2cc 2828 science optional theano_1.1.2+dfsg-4.dsc 7a0c35c5e81edc2d52a00a1609ab9840 74468 science optional theano_1.1.2+dfsg-4.debian.tar.xz b67889adf5b1de028357c7d3786976e1 27517 science optional theano_1.1.2+dfsg-4_source.buildinfo -BEGIN PGP SIGNATURE- iQJCBAEBCgAsFiEE8fAHMgoDVUHwpmPKV4oElNHGRtEFAmQAQrAOHHRpbGxlYUBy a2kuZGUACgkQV4oElNHGRtHm+w/+L9zrWpWPDOevvl8N8GxuOxUE1Tvr4PB6c3xQ OaU8aXP2p+gyQPCYDJkZroIBru8Jq5eqTn4eBaP+ekuu3yuWe1b9LqQkOQRLQ2on FiTu+rodkORrzON1aQWQI2JBcNEhlr8Lsfonjm8qeU6ihtzU9LNfU7wzFNUtsTFU gJbUTC86tTU6/DxmW7LBWGPg9kk6VNMRK3L/R9XsQZWaHELZ9VkHNvRMH3zSRsUS Yhwe11WZSSV/kxbu6amr14JaD2i0HEMteyhnNthF9wOd49KkLSmhdX+NT3sBf2aD hOFPsjsA4ZLFm+1ljFGfV6WqnHawRgkBHSCOjPop9U5rv67/hnwIwEMLn4XDIYJv NcB7esLO6Ke41aLzb4a4yN/qQbYPMbvkPenPgO+yh1hF7YZeNnZ8HdXFYIxsz8OR a2ntpXMKVnadMt8mSAxcfve1Y8vZPZH9DYaJg4hh2wFXI50DE3bqUxzYwQB/we2r
Bug#1026539: marked as done (theano: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i python{version} -p 3.10 returned exit code 13)
Your message dated Thu, 02 Mar 2023 06:50:50 +
with message-id
and subject line Bug#1026539: fixed in theano 1.1.2+dfsg-4
has caused the Debian Bug report #1026539,
regarding theano: FTBFS: dh_auto_test: error: pybuild --test --test-pytest -i
python{version} -p 3.10 returned exit code 13
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1026539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026539
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: theano
Version: 1.0.5+dfsg-8
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20221220 ftbfs-bookworm
Hi,
During a rebuild of all packages in sid, your package failed to build
on amd64.
Relevant part (hopefully):
> === FAILURES
> ===
> TestDownsampleFactorMax.test_DownsampleFactorMaxStride
>
>
> self = at 0x7f9a14696d10>
>
> def test_DownsampleFactorMaxStride(self):
> rng = np.random.RandomState(utt.fetch_seed())
> # maxpool, stride, ignore_border, input, output sizes
> examples = (
> ((1, 1), (1, 1), True, (4, 10, 16, 16), (4, 10, 16, 16)),
> ((1, 1), (5, 7), True, (4, 10, 16, 16), (4, 10, 4, 3)),
> ((1, 1), (1, 1), False, (4, 10, 16, 16), (4, 10, 16, 16)),
> ((1, 1), (5, 7), False, (4, 10, 16, 16), (4, 10, 4, 3)),
> ((3, 3), (1, 1), True, (4, 10, 16, 16), (4, 10, 14, 14)),
> ((3, 3), (3, 3), True, (4, 10, 16, 16), (4, 10, 5, 5)),
> ((3, 3), (5, 7), True, (4, 10, 16, 16), (4, 10, 3, 2)),
> ((3, 3), (1, 1), False, (4, 10, 16, 16), (4, 10, 14, 14)),
> ((3, 3), (3, 3), False, (4, 10, 16, 16), (4, 10, 6, 6)),
> ((3, 3), (5, 7), False, (4, 10, 16, 16), (4, 10, 4, 3)),
> ((5, 3), (1, 1), True, (4, 10, 16, 16), (4, 10, 12, 14)),
> ((5, 3), (3, 3), True, (4, 10, 16, 16), (4, 10, 4, 5)),
> ((5, 3), (5, 7), True, (4, 10, 16, 16), (4, 10, 3, 2)),
> ((5, 3), (1, 1), False, (4, 10, 16, 16), (4, 10, 12, 14)),
> ((5, 3), (3, 3), False, (4, 10, 16, 16), (4, 10, 5, 6)),
> ((5, 3), (5, 7), False, (4, 10, 16, 16), (4, 10, 4, 3)),
> ((16, 16), (1, 1), True, (4, 10, 16, 16), (4, 10, 1, 1)),
> ((16, 16), (5, 7), True, (4, 10, 16, 16), (4, 10, 1, 1)),
> ((16, 16), (1, 1), False, (4, 10, 16, 16), (4, 10, 1, 1)),
> ((16, 16), (5, 7), False, (4, 10, 16, 16), (4, 10, 1, 1)),
> ((3,), (5,), True, (16,), (3,)),
> ((3,), (5,), True, (2, 16,), (2, 3,)),
> ((5,), (3,), True, (2, 3, 16,), (2, 3, 4,)),
> ((5, 1, 3), (3, 3, 3), True, (2, 16, 16, 16), (2, 4, 6, 5)),
> ((5, 1, 3), (3, 3, 3), True, (4, 2, 16, 16, 16), (4, 2, 4, 6, 5)),
> )
>
> for example, mode in product(examples, ['max',
> 'sum',
> 'average_inc_pad',
> 'average_exc_pad']):
> (maxpoolshp, stride, ignore_border, inputshp, outputshp) = example
> # generate random images
> imval = rng.rand(*inputshp)
> images = theano.shared(imval)
> # Pool op
> numpy_output_val = \
> > self.numpy_max_pool_nd_stride(imval, maxpoolshp,
> ignore_border, stride,
> mode)
>
> theano/tensor/signal/tests/test_pool.py:406:
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
> _
>
> input = array(7.00437122e-01, 8.44186643e-01, 6.76514336e-01, ...,
> 7.00844752e-01, 2.93228106e-01, 7.74479454e-0...
> [8.75885705e-01, 9.43403362e-01, 2.46839958e-01, ...,
> 6.39886889e-01, 3.33503280e-01, 3.56632048e-04)
> ws = (1, 1), ignore_border = True, stride = (1, 1), mode = 'max'
>
> @staticmethod
> def numpy_max_pool_nd_stride(input, ws, ignore_border=False, stride=None,
> mode='max'):
> '''Helper function, implementing pooling in pure numpy
>this function provides stride input to indicate the stide size
>for the pooling regions. if not indicated, stride == ws.'''
> nd = len(ws)
> if stride is None:
> stride = ws
> assert len(stride) == len(ws)
>
>
Bug#1024544: fakeroot: FTBFS on mipsel blocking fix for #1023286
X-Debbugs-Cc: z...@debian.org, ni...@thykier.net, z...@debian.org Control: tags -1 + patch Hi, On Thu, Dec 15, 2022 at 09:49:36AM +0100, Chris Hofstaedtler wrote: > * Niels Thykier : > > The fakeroot/1.30.1-1 FTBFS on mipsel (release arch) which blocks the fix > > for #1023286 from affecting mipsel binaries. > > I'll note that the FTBFS is caused by a test failure in test > "t.chown". stat(1) is used to check the expected owner of a file, > and the test reveals (I think) a wrapping problem. > > I *think* the actual function called by stat(1) might not be wrapped > in the running stat(1) process, but I cannot tell if this is a > problem with the LD_PRELOAD approach or a missing wrapper or > something else. > > Unfortunately most of the code seemingly relevant is "documented" > using words like "hack", "stuff" and "shuffle", making it harder to > follow than maybe necessary. > While fixing #1030638, I have verified my patch[1] fixes mipsel as well. [1] https://salsa.debian.org/clint/fakeroot/-/merge_requests/22
Processed: Re: Bug#1024544: fakeroot: FTBFS on mipsel blocking fix for #1023286
Processing control commands: > tags -1 + patch Bug #1024544 [fakeroot] fakeroot: FTBFS on mipsel blocking fix for #1023286 Added tag(s) patch. -- 1024544: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024544 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1031966: marked as done (python-pydata-sphinx-theme-doc is empty)
Your message dated Thu, 02 Mar 2023 06:06:47 + with message-id and subject line Bug#1031966: fixed in pydata-sphinx-theme 0.7.2-3 has caused the Debian Bug report #1031966, regarding python-pydata-sphinx-theme-doc is empty to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1031966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031966 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: python-pydata-sphinx-theme-doc Version: 0.7.2-2 Severity: serious /. /usr /usr/share /usr/share/doc /usr/share/doc/python-pydata-sphinx-theme-doc /usr/share/doc/python-pydata-sphinx-theme-doc/changelog.Debian.gz /usr/share/doc/python-pydata-sphinx-theme-doc/changelog.gz --- End Message --- --- Begin Message --- Source: pydata-sphinx-theme Source-Version: 0.7.2-3 Done: Sandro Tosi We believe that the bug you reported is fixed in the latest version of pydata-sphinx-theme, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1031...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sandro Tosi (supplier of updated pydata-sphinx-theme package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 02 Mar 2023 00:46:25 -0500 Source: pydata-sphinx-theme Architecture: source Version: 0.7.2-3 Distribution: unstable Urgency: medium Maintainer: Sandro Tosi Changed-By: Sandro Tosi Closes: 997076 1031966 Changes: pydata-sphinx-theme (0.7.2-3) unstable; urgency=medium . * Drop -doc package; Closes: #997076, #1031966 Checksums-Sha1: 12b617616593bf353d269ce780928dae1538a6ba 2180 pydata-sphinx-theme_0.7.2-3.dsc 1f9966b7a4cd6f27b9e9152e0d7220ce0db25f9a 34664 pydata-sphinx-theme_0.7.2-3.debian.tar.xz 19b9f8964f5e860e67ae1d683e73eb2d3c648b4d 8402 pydata-sphinx-theme_0.7.2-3_source.buildinfo Checksums-Sha256: 064ed9537493a819e75bab540ea354dc11de2d2a333a016106bdc2ce28653f1c 2180 pydata-sphinx-theme_0.7.2-3.dsc 4f3f6d9dbac90b4bb097b673f8c70343ffe3cef96ac0ee2f8c60d79617b6c89e 34664 pydata-sphinx-theme_0.7.2-3.debian.tar.xz 553d11cb687adc0a59a7c79c0d85f46005b97121482347ace62d852732435e15 8402 pydata-sphinx-theme_0.7.2-3_source.buildinfo Files: 6ef445a65a7b186e80461c2615fc4151 2180 python optional pydata-sphinx-theme_0.7.2-3.dsc 39fda3546b31417dec2401fd40f20e37 34664 python optional pydata-sphinx-theme_0.7.2-3.debian.tar.xz 8ca82b8fbf2d0b911781d9f40c1f5e2a 8402 python optional pydata-sphinx-theme_0.7.2-3_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEufrTGSrz5KUwnZ05h588mTgBqU8FAmQAOEoACgkQh588mTgB qU+fsQ/7BXMJLFjOd5LnVAf2CXNNVQh/c0xInp29LWE/YafIqPL4ngzLwPXA6nlo LO/L8Mi2CpAc6RhvyCSiZo0KZSP9U6V/qZ523PYKsCpHBkhh8ijaTRVVoRP9mPer OXgeniDx3ifIF4661rUgWVgneOaRHp4V/TltlHoLFUJkwFsnN60qjBRPbJVzO9/E Z1caH+LNi8V87YgHiby8lt56m+AB7PMwzZkKzquItSyJzcEBlpVH4zXuPXbHC5xm cPnYRDyyccvE6U8h+xALESSrWBGo0Oc6LCjyIN3J/WCkaEpF0oeKdyn8eLge64R9 6RtBqlZfMyNaxScvsDXTmQst6ja+hA0QZ9OnxEDzysbZs1WL2MAEmD4GMjQzjJk0 rRQ16Davmq+9F8n8DzKXj2qY+VPxmDfwBAdYZBUKI0ygZDO9I8+JqvEKwntk8QmK 14nn4q3DM+NL8of2CtHDp4/CVfwY5IbqQ7SJAu2LWBSWHOdvlwGYtTVcdnDzMThS 45k1t3EuTDuTTk2VjvL5uhS8dntQeAKL9gTaIa1iJ57vcKst/xwpcj3I32/eIi8L SGLMfhaVCagKKG+LA/ZO+8q7+uTPzEiJsuWkir8s8Pb6N7xe65BLc6X3OCPwDD/m FEakRlUzPuXeINhGD8lCCqbZuinP257gjNurE/JOZJvjlBHGsYY= =ydXn -END PGP SIGNATURE End Message ---
Bug#994758: marked as done (Soname change without package name change)
Your message dated Thu, 02 Mar 2023 06:00:14 + with message-id and subject line Bug#994758: fixed in sg3-utils 1.46-2 has caused the Debian Bug report #994758, regarding Soname change without package name change to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 994758: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994758 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: libsgutils2-2 Severity: wishlist Hi Maintainer, The ledmon package was reported by https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994521 to cause ledmon service was unable to run due to the broken dependency of libsgutils2-2. It seems like the softlink will keep changing since 1.45: ./usr/lib/x86_64-linux-gnu/libsgutils2-1.46.so.2 -> libsgutils2-1.46.so.2.0.0 I'm humble to ask how we can improve this case or is re-building the only way to solve? Thanks, -- Woodrow Shen (Hsieh-Tseng Shen) 4FA0 D159 803F F8B6 34E9 5A38 3970 FE24 7CB6 9685 woodrow.s...@gmail.com signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: sg3-utils Source-Version: 1.46-2 Done: Jonathan McDowell We believe that the bug you reported is fixed in the latest version of sg3-utils, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 994...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jonathan McDowell (supplier of updated sg3-utils package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 01 Mar 2023 09:24:47 + Source: sg3-utils Binary: libsgutils2-1.46-2 libsgutils2-1.46-2-dbgsym libsgutils2-dev sg3-utils sg3-utils-dbgsym sg3-utils-udev Architecture: source amd64 all Version: 1.46-2 Distribution: experimental Urgency: medium Maintainer: Ritesh Raj Sarraf Changed-By: Jonathan McDowell Description: libsgutils2-1.46-2 - utilities for devices using the SCSI command set (shared librarie libsgutils2-dev - utilities for devices using the SCSI command set (developer files sg3-utils - utilities for devices using the SCSI command set sg3-utils-udev - utilities for devices using the SCSI command set (udev rules) Closes: 994758 Changes: sg3-utils (1.46-2) experimental; urgency=medium . [ Debian Janitor ] * Use secure URI in Homepage field. . [ Jonathan McDowell ] * Rename libsgutils2-2 package to include package version (Closes: #994758) Checksums-Sha1: d961047bad36cd778c71490e792093c4233624f2 2147 sg3-utils_1.46-2.dsc fa36964c9c60fa131ba922394dff2740d343ecf3 11164 sg3-utils_1.46-2.debian.tar.xz aca7dbd9272184e6b08ede057d70908f000a5edb 201504 libsgutils2-1.46-2-dbgsym_1.46-2_amd64.deb ffe3cf8d9821707cebeab0727987f8805f5f8a52 116928 libsgutils2-1.46-2_1.46-2_amd64.deb 9b515c21159b888d3940c788650ca59d7b924da2 148112 libsgutils2-dev_1.46-2_amd64.deb bcc8d25743ec18f34ca9f7ba22de800626056e01 1257844 sg3-utils-dbgsym_1.46-2_amd64.deb f3c7ed929ac939afed9191f34f07cad356c20af3 36952 sg3-utils-udev_1.46-2_all.deb 2cb8c044305328209e095272c17d4abfad1fa913 7339 sg3-utils_1.46-2_amd64.buildinfo b2f0f3c9d8d361ef52786959b7adf637528a 845112 sg3-utils_1.46-2_amd64.deb Checksums-Sha256: 32f8b1eaad6af7da1c5515b6c752e1aa5f453081ff206b5cc41c565b64ba616b 2147 sg3-utils_1.46-2.dsc 279299525aac59627c24fa1eeb2a0d199a9ae52efdccb0ff72de06462c6a208c 11164 sg3-utils_1.46-2.debian.tar.xz b24039e4dfe4fc1fa8bcc38e90685fa263fcbbfb93064807cc1e744ae7fb5060 201504 libsgutils2-1.46-2-dbgsym_1.46-2_amd64.deb 07e3e3f44a0e11472ebc1c8d66dd477fefde4383f8ebf7091cffeb2e8acf894b 116928 libsgutils2-1.46-2_1.46-2_amd64.deb 65d9cc0c7b8425df53f6d13452a8a22c8ca905e38bb356f2e371931f7bcce5bc 148112 libsgutils2-dev_1.46-2_amd64.deb dec1827f00e8713a0c26eabd3ecd56f9aaeaf0bcf0bc6ee110045ed7f0446c08 1257844 sg3-utils-dbgsym_1.46-2_amd64.deb b9e5056951fd447a59ae0ce0beab3f284a9a1d507388b79827d41db8d05ffaca 36952 sg3-utils-udev_1.46-2_all.deb 87d7997cb2e9892e1c344cab66d50b93daa258fd91f5a60a4b1726d814d66448 7339 sg3-utils_1.46-2_amd64.buildinfo ab57d88359a8389923fd2f441fe83bd901a7be4da48be8c82194aa5a104935e2 845112 sg3-utils_1.46-2_amd64.deb Files: f866999b3feecd750c95157f4dbfcc83 2147 admin optional
Processed: Bug#1031966 marked as pending in pydata-sphinx-theme
Processing control commands: > tag -1 pending Bug #1031966 [python-pydata-sphinx-theme-doc] python-pydata-sphinx-theme-doc is empty Ignoring request to alter tags of bug #1031966 to the same tags previously set -- 1031966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031966 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1031966: marked as pending in pydata-sphinx-theme
Control: tag -1 pending Hello, Bug #1031966 in pydata-sphinx-theme reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/packages/pydata-sphinx-theme/-/commit/5a2698d500c93636d60ecdf450a4e0f31b313c30 Drop -doc package; Closes: #997076, #1031966 (this message was generated automatically) -- Greetings https://bugs.debian.org/1031966
Bug#1031966: marked as pending in pydata-sphinx-theme
Control: tag -1 pending Hello, Bug #1031966 in pydata-sphinx-theme reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/python-team/packages/pydata-sphinx-theme/-/commit/5a2698d500c93636d60ecdf450a4e0f31b313c30 Drop -doc package; Closes: #997076, #1031966 (this message was generated automatically) -- Greetings https://bugs.debian.org/1031966
Processed: Bug#1031966 marked as pending in pydata-sphinx-theme
Processing control commands: > tag -1 pending Bug #1031966 [python-pydata-sphinx-theme-doc] python-pydata-sphinx-theme-doc is empty Added tag(s) pending. -- 1031966: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031966 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032221: marked as done (cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work)
Your message dated Thu, 02 Mar 2023 04:36:00 + with message-id and subject line Bug#1032221: fixed in cryptsetup 2:2.6.1-2 has caused the Debian Bug report #1032221, regarding cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1032221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: cryptsetup Version: 2:2.6.1-1 Severity: grave Justification: renders package unusable X-Debbugs-Cc: kai.weber+deb...@glorybox.de Dear Maintainer, Today's upgrade triggered a rebuild of the initramfs. After a reboot I can no longer login to my system. Using an older kernel worked. This ist the error message: Please unlock disk nvme0n1p3_crypt: libgcc_s.so.1 must be installed for pthread_exit to work Aborted cryptsetup: ERROR: nvme0n1p3_crypt: cryptsetup failed, bad password or options? Some investigations: - update-initramfs does indeed not copy libpthread.so or libgcc_s.so - none of the binaries copied during the update seem to depend on those libraries - attached is the debug output I added to the copy_exec function (echo "$src $x" >> /tmp/dependencies.log) Doing some research I found an older bug #950254 that helped me debugging the issue -- Package-specific info: -- /proc/cmdline BOOT_IMAGE=/vmlinuz-6.1.0-4-amd64 root=/dev/mapper/dummy--vg-root ro quiet -- /etc/crypttab nvme0n1p3_crypt UUID=e9aff144-a836-49d6-8640-01f4b7c3bb8b none luks,discard -- /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # systemd generates mount units based on this file, see systemd.mount(5). # Please run 'systemctl daemon-reload' after making changes here. # # /dev/mapper/dummy--vg-root / ext4errors=remount-ro 0 1 # /boot was on /dev/nvme0n1p2 during installation UUID=0d9a09b3-abe6-4831-ad3a-166f68e6c77f /boot ext2defaults 0 2 # /boot/efi was on /dev/nvme0n1p1 during installation UUID=D114-FD63 /boot/efi vfatumask=0077 0 1 /dev/mapper/dummy--vg-swap_1 noneswapsw 0 0 -- lsmod Module Size Used by snd_usb_audio 376832 1 snd_usbmidi_lib45056 1 snd_usb_audio snd_rawmidi53248 1 snd_usbmidi_lib xt_conntrack 16384 1 nft_chain_nat 16384 3 xt_MASQUERADE 20480 1 nf_nat 57344 2 nft_chain_nat,xt_MASQUERADE nf_conntrack_netlink57344 0 nf_conntrack 188416 4 xt_conntrack,nf_nat,nf_conntrack_netlink,xt_MASQUERADE nf_defrag_ipv6 24576 1 nf_conntrack nf_defrag_ipv4 16384 1 nf_conntrack xfrm_user 53248 1 xfrm_algo 16384 1 xfrm_user xt_addrtype16384 2 nft_compat 20480 4 nf_tables 286720 57 nft_compat,nft_chain_nat libcrc32c 16384 3 nf_conntrack,nf_nat,nf_tables nfnetlink 20480 4 nft_compat,nf_conntrack_netlink,nf_tables br_netfilter 32768 0 bridge311296 1 br_netfilter stp16384 1 bridge llc16384 2 bridge,stp typec_displayport 16384 1 ctr16384 2 ccm20480 6 uhid 20480 1 rfcomm 94208 4 cmac 16384 3 snd_seq_dummy 16384 0 snd_hrtimer16384 1 algif_hash 16384 1 snd_seq90112 7 snd_seq_dummy algif_skcipher 16384 1 snd_seq_device 16384 2 snd_seq,snd_rawmidi af_alg 36864 6 algif_hash,algif_skcipher overlay 159744 0 qrtr 49152 4 bnep 28672 2 binfmt_misc24576 1 nls_ascii 16384 1 nls_cp437 20480 1 vfat 24576 1 fat90112 1 vfat snd_sof_pci_intel_skl16384 0 snd_sof_intel_hda_common 188416 1 snd_sof_pci_intel_skl soundwire_intel49152 1 snd_sof_intel_hda_common soundwire_generic_allocation16384 1 soundwire_intel snd_hda_codec_hdmi 81920 1 soundwire_cadence 40960 1 soundwire_intel snd_sof_intel_hda 20480 1 snd_sof_intel_hda_common snd_sof_pci24576 2 snd_sof_intel_hda_common,snd_sof_pci_intel_skl snd_sof_xtensa_dsp
Processed: Re: Bug#1014110: libargon2 0~20190702-0.1 no longer links against libpthread which breaks cryptsetup-initramfs
Processing control commands: > clone -1 -2 Bug #1032221 [libargon2-1] cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work Bug 1032221 cloned as bug 1032235 > reassign -1 cryptsetup-initramfs 2:2.6.1-1 Bug #1032221 [libargon2-1] cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work Bug reassigned from package 'libargon2-1' to 'cryptsetup-initramfs'. No longer marked as found in versions argon2/0~20190702-0.1. Ignoring request to alter fixed versions of bug #1032221 to the same values previously set Bug #1032221 [cryptsetup-initramfs] cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work Marked as found in versions cryptsetup/2:2.6.1-1. -- 1032221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032221: Bug#1014110: libargon2 0~20190702-0.1 no longer links against libpthread which breaks cryptsetup-initramfs
Control: clone -1 -2 Control: reassign -1 cryptsetup-initramfs 2:2.6.1-1 On Thu, 02 Mar 2023 at 02:57:20 +0100, Guilhem Moulin wrote: > On Wed, 01 Mar 2023 at 12:04:04 +, Debian FTP Masters wrote: >> Changes: >> argon2 (0~20190702-0.1) unstable; urgency=medium >> . >> […] >> * Only build udeb without threads (Closes: #1014110) > > AFAICT #1014110 says nothing about udeb, but that change actually builds > libargon2 (.deb) without pthread support (which AFAICT isn't what > #1014110 is about either). This badly breaks cryptsetup-initramfs, see > #1032221. Given 1/ we're soft freeze already, 2/ 0~20190702-0.1 was > NMU'ed, and 3/ the breakage it causes, I'll revert the change shortly. Ah no my bad, the changelog entry is probably incorrect and the cryptsetup-initramfs breakage is caused by the recent libargon2 upload indeed, but AFAICT not by anything particular in the upload. It's just that the recent upload is built with glibc ≥2.34 hence no longer links libpthread. That in turns means that initramfs-tool's copy_exec() is no longer able to detect pthread_*() need and thus doesn't copy libgcc_s.so anymore… I'll fix that in cryptsetup-initramfs 2:2.6.1-2 but am temporarily leaving a clone open against libargon2-1 due to the severity of the breakage. That'll hopefully warn folks to wait a bit before updating libargon2-1. Will close or merge back #-2 later once the newer src:cryptsetup has entered the archive. -- Guilhem. signature.asc Description: PGP signature
Processed: severity of 1032188 is important
Processing commands for cont...@bugs.debian.org:
> severity 1032188 important
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222
Severity set to 'important' from 'serious'
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1032188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1032188: [Pkg-javascript-devel] Bug#1032188: debdiff
On 3/1/23 18:40, Bastien Roucariès wrote: Dear security team, For bullseye will you find the debdiff attached. Waiting for your instruction Salut, pour les bugs mineurs de ce style, passe par un bullseye-pu A+
Bug#1032221: cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work
Booting an older kernel/initrd and then downgrading libargon2-1 to the version in Testing and updating the initrd resolves the situation for now. Thanks to Kai and Guilhem. Regards, Daniel signature.asc Description: This is a digitally signed message part
Processed: reassign 1032221 to libargon2-1, affects 1032221
Processing commands for cont...@bugs.debian.org: > reassign 1032221 libargon2-1 0~20190702-0.1 Bug #1032221 [cryptsetup] cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work Bug reassigned from package 'cryptsetup' to 'libargon2-1'. No longer marked as found in versions cryptsetup/2:2.6.1-1. Ignoring request to alter fixed versions of bug #1032221 to the same values previously set Bug #1032221 [libargon2-1] cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work Marked as found in versions argon2/0~20190702-0.1. > affects 1032221 cryptsetup-initramfs Bug #1032221 [libargon2-1] cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work Added indication that 1032221 affects cryptsetup-initramfs > thanks Stopping processing here. Please contact me if you need assistance. -- 1032221: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032221 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1031928: python3-django-hyperkitty: Javascript not loaded because of HTML error
Package: python3-django-hyperkitty Followup-For: Bug #1031928 X-Debbugs-Cc: h...@hjp.at Control: tags -1 moreinfo Hi Peter, I'd like to gain some experience with configuring email infrastructure, and this bug seems like a good opportunity to learn. I haven't yet been able to reproduce the self-closing HTML script tags; here's roughly the series of install steps I used (I may have omitted one or two details) to get the interface up-and-running: # apt install mailman3-full # vim /etc/mailman3/mailman-web.py # configure REST API creds # ln -s /etc/mailman3/apache.conf /etc/apache2/conf-available/mailman3.conf # a2enconf mailman3 # a2enmod proxy_uwsgi # systemctl restart mailman3-web # systemctl restart apache2 (note that I also had postfix utilities installed on the system) That seemed to work: I was able to browse the postorius web interface and see that I had no mailing lists configured. Checking the HTML source of the page, I did see some tags -- including for 'popper.js' -- each of them had a closing tag, as expected. Could you provide any more information on configuration steps / settings that may be required to reproduce the problem? Thanks! James
Processed: Re: python3-django-hyperkitty: Javascript not loaded because of HTML error
Processing control commands: > tags -1 moreinfo Bug #1031928 [python3-django-hyperkitty] python3-django-hyperkitty: Javascript not loaded because of HTML error Added tag(s) moreinfo. -- 1031928: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031928 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032101: marked as done (libheif: CVE-2023-0996)
Your message dated Thu, 02 Mar 2023 00:29:09 + with message-id and subject line Bug#1032101: fixed in libheif 1.15.1-1 has caused the Debian Bug report #1032101, regarding libheif: CVE-2023-0996 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1032101: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032101 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: libheif X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for libheif. CVE-2023-0996[0]: | There is a vulnerability in the strided image data parsing code in the | emscripten wrapper for libheif. An attacker could exploit this through | a crafted image file to cause a buffer overflow in linear memory | during a memcpy call. https://github.com/strukturag/libheif/pull/759 https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-0996 https://www.cve.org/CVERecord?id=CVE-2023-0996 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: libheif Source-Version: 1.15.1-1 Done: Sebastian Ramacher We believe that the bug you reported is fixed in the latest version of libheif, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1032...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher (supplier of updated libheif package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 02 Mar 2023 00:09:34 +0100 Source: libheif Architecture: source Version: 1.15.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Sebastian Ramacher Closes: 1029668 1032101 Changes: libheif (1.15.1-1) unstable; urgency=medium . * Team upload * New upstream version 1.15.1 - Fix CVE-2023-0996 (Closes: #1032101) - Do not fail if no plugin directory is available (Closes: #1029668) * debian/libheif1.symbols: Add new symbols * debian/*.install: Update for new upstream release Checksums-Sha1: 0e7b4c1964fa2af3945970de3a977ee339870eba 2290 libheif_1.15.1-1.dsc c73aa096a5e218ff7dfdfacaa4c574843a43a380 1749018 libheif_1.15.1.orig.tar.gz 67f821322e40cdb5cf15c8210b544f6192312513 7780 libheif_1.15.1-1.debian.tar.xz Checksums-Sha256: 98f754acc2d36c3dc58dd8f5d86a608995378172fb11a1e209da638456942201 2290 libheif_1.15.1-1.dsc 28d5a376fe7954d2d03453f983aaa0b7486f475c27c7806bda31df9102325556 1749018 libheif_1.15.1.orig.tar.gz e7bf281fec0bbeaaacdaddb10585de27809c3bd5e80efa1f86943869e0f16fa9 7780 libheif_1.15.1-1.debian.tar.xz Files: 394d6a41c768008da8cf9e078b29811f 2290 libs optional libheif_1.15.1-1.dsc 220c2e35176cf88b48f943b0cdd0fd8e 1749018 libs optional libheif_1.15.1.orig.tar.gz dfe55d84f4f808081bbe4b2ad44b1b72 7780 libs optional libheif_1.15.1-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmP/24MACgkQafL8UW6n GZOPXQ//ZafdMNecZpHz2pX3OlFsM0EtQrw1RcLNehyf4YwLf7/77c8W1jiNHNCW KlZ1a+s/f7SKrCWljwnBZX+OzbjqHrat8EJzcsF9QDcktID/xrbo5ZZ7qFeIe8db loxp+3WGe3GwoyXs+ThT8D/jTQvglLZjodW5bCSC1o3a41Z4pEmw764AeW5NYHDf AtU8Y2ZRSaz3f/MjiYP5sDpMurak1W4Solpnrml9I0jAenNFTh8VHi8a2So9NwbS F71X1oSsaJBuuV/YTT+VUcHX1SEgdG9eCYaU2EpnoLc+4+b5U8Nu/bO+Sfy98GHV lVdMGMaCZ8x6vbXz3+J0042zpXOckXT+D2gm5XfMOQGewyyQ3VC3QBEFiLhf0KQH PFN6vegt0AjYAwwi7oXtPka4Az8LQTJc8GpBew7FeBClEGzOq8LYBtI9QO3Ny4EF Mu8sl0SsZ+aOKWfjeXOGZOdmE42ykBiypj1FVgvY8hgu47XqYVQ2FcHzWtlEuH5g Cmmgfut2wTU638l/GlugNA8j6d/K2yd/2onWpgBTQFEV6IXrPrd3sRpVina/8WOp plZgi2VxJEWvn1xPh6LGOmHGBOvVjh9gok2uN+i9p94HcGTzTlf6QzpTbxhlSJUD Yk2VKU5DMzXULBkHi7j19WpKdLDeiKZZFMUOfiODIarLnkB+ugI= =a8PZ -END PGP SIGNATURE End Message ---
Bug#1029668: marked as done (Cannot read HEIC anymore)
Your message dated Thu, 02 Mar 2023 00:29:08 + with message-id and subject line Bug#1029668: fixed in libheif 1.15.1-1 has caused the Debian Bug report #1029668, regarding Cannot read HEIC anymore to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1029668: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029668 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: heif-gdk-pixbuf Version: 1.14.2-1 X-Debbugs-No-Ack: noack $ file $2 trips/2022/DCIM/Camera/20221118_121323.heic: ISO Media, HEIF Image HEVC Main or Main Still Picture Profile $ viewnior $2 ** (viewnior:12267): WARNING **: 15:48:54.146: Cannot read plugin directory. ** (viewnior:12267): WARNING **: 15:48:54.152: Cannot read plugin directory. (viewnior:12267): GdkPixbuf-CRITICAL **: 15:48:54.152: gdk_pixbuf_format_is_writable: assertion 'format != NULL' failed (viewnior:12267): GdkPixbuf-CRITICAL **: 15:48:54.152: gdk_pixbuf_animation_is_static_image: assertion 'GDK_IS_PIXBUF_ANIMATION (animation)' failed (viewnior:12267): GdkPixbuf-CRITICAL **: 15:48:54.152: gdk_pixbuf_animation_get_width: assertion 'GDK_IS_PIXBUF_ANIMATION (animation)' failed (viewnior:12267): GdkPixbuf-CRITICAL **: 15:48:54.152: gdk_pixbuf_animation_get_height: assertion 'GDK_IS_PIXBUF_ANIMATION (animation)' failed (viewnior:12267): Gtk-CRITICAL **: 15:48:54.152: IA__gtk_window_resize: assertion 'width > 0' failed (viewnior:12267): GLib-GObject-CRITICAL **: 15:48:54.152: g_object_unref: assertion 'G_IS_OBJECT (object)' failed Worked fine last week. --- End Message --- --- Begin Message --- Source: libheif Source-Version: 1.15.1-1 Done: Sebastian Ramacher We believe that the bug you reported is fixed in the latest version of libheif, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1029...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Sebastian Ramacher (supplier of updated libheif package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 02 Mar 2023 00:09:34 +0100 Source: libheif Architecture: source Version: 1.15.1-1 Distribution: unstable Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Sebastian Ramacher Closes: 1029668 1032101 Changes: libheif (1.15.1-1) unstable; urgency=medium . * Team upload * New upstream version 1.15.1 - Fix CVE-2023-0996 (Closes: #1032101) - Do not fail if no plugin directory is available (Closes: #1029668) * debian/libheif1.symbols: Add new symbols * debian/*.install: Update for new upstream release Checksums-Sha1: 0e7b4c1964fa2af3945970de3a977ee339870eba 2290 libheif_1.15.1-1.dsc c73aa096a5e218ff7dfdfacaa4c574843a43a380 1749018 libheif_1.15.1.orig.tar.gz 67f821322e40cdb5cf15c8210b544f6192312513 7780 libheif_1.15.1-1.debian.tar.xz Checksums-Sha256: 98f754acc2d36c3dc58dd8f5d86a608995378172fb11a1e209da638456942201 2290 libheif_1.15.1-1.dsc 28d5a376fe7954d2d03453f983aaa0b7486f475c27c7806bda31df9102325556 1749018 libheif_1.15.1.orig.tar.gz e7bf281fec0bbeaaacdaddb10585de27809c3bd5e80efa1f86943869e0f16fa9 7780 libheif_1.15.1-1.debian.tar.xz Files: 394d6a41c768008da8cf9e078b29811f 2290 libs optional libheif_1.15.1-1.dsc 220c2e35176cf88b48f943b0cdd0fd8e 1749018 libs optional libheif_1.15.1.orig.tar.gz dfe55d84f4f808081bbe4b2ad44b1b72 7780 libs optional libheif_1.15.1-1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE94y6B4F7sUmhHTOQafL8UW6nGZMFAmP/24MACgkQafL8UW6n GZOPXQ//ZafdMNecZpHz2pX3OlFsM0EtQrw1RcLNehyf4YwLf7/77c8W1jiNHNCW KlZ1a+s/f7SKrCWljwnBZX+OzbjqHrat8EJzcsF9QDcktID/xrbo5ZZ7qFeIe8db loxp+3WGe3GwoyXs+ThT8D/jTQvglLZjodW5bCSC1o3a41Z4pEmw764AeW5NYHDf AtU8Y2ZRSaz3f/MjiYP5sDpMurak1W4Solpnrml9I0jAenNFTh8VHi8a2So9NwbS F71X1oSsaJBuuV/YTT+VUcHX1SEgdG9eCYaU2EpnoLc+4+b5U8Nu/bO+Sfy98GHV lVdMGMaCZ8x6vbXz3+J0042zpXOckXT+D2gm5XfMOQGewyyQ3VC3QBEFiLhf0KQH PFN6vegt0AjYAwwi7oXtPka4Az8LQTJc8GpBew7FeBClEGzOq8LYBtI9QO3Ny4EF Mu8sl0SsZ+aOKWfjeXOGZOdmE42ykBiypj1FVgvY8hgu47XqYVQ2FcHzWtlEuH5g Cmmgfut2wTU638l/GlugNA8j6d/K2yd/2onWpgBTQFEV6IXrPrd3sRpVina/8WOp plZgi2VxJEWvn1xPh6LGOmHGBOvVjh9gok2uN+i9p94HcGTzTlf6QzpTbxhlSJUD
Bug#1031909: python3-tk: bytecode not removed on upgrade
Package: python3-tk Followup-For: Bug #1031909 Some notes from inspecting (but not yet testing) the relevant scripts: * There is an open merge request intended to fix a bug when too-many-files are encountered by the lib2to3 'prerm' script: * https://salsa.debian.org/cpython-team/python3-stdlib/-/merge_requests/1 * The python3-distutils and python3-lib2to3 packages have prerm 'upgrade' steps to remove bytecode; python3-tk does not: * https://salsa.debian.org/cpython-team/python3-stdlib/-/blob/519a4643ba82ffd035827df37002c64853d4913b/debian/python3-distutils.prerm#L27-28 * https://salsa.debian.org/cpython-team/python3-stdlib/-/blob/519a4643ba82ffd035827df37002c64853d4913b/debian/python3-lib2to3.prerm#L27-28 * https://salsa.debian.org/cpython-team/python3-stdlib/-/blob/519a4643ba82ffd035827df37002c64853d4913b/debian/python3-tk.prerm#L27 * All three of the previously-mentioned binary packages clear out py3.9-and-older library content during 'postinst' of more recent package versions; a similar step for py3.10 library content could be worth adding * https://salsa.debian.org/cpython-team/python3-stdlib/-/blob/519a4643ba82ffd035827df37002c64853d4913b/debian/python3-lib2to3.postinst.in#L22-41
Bug#1030968: marked as done (fapolicyd fails to install)
Your message dated Wed, 01 Mar 2023 23:00:19 + with message-id and subject line Bug#1030968: fixed in fapolicyd 1.1.7-3 has caused the Debian Bug report #1030968, regarding fapolicyd fails to install to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1030968: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030968 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: fapolicyd Version: 1.1.7-2 Severity: serious https://piuparts.debian.org/sid/fail/fapolicyd_1.1.7-2.log ... Setting up fapolicyd (1.1.7-2) ... Adding group `fapolicyd' (GID 150) ... Done. chown: cannot access '/var/lib/fapolicyd': No such file or directory dpkg: error processing package fapolicyd (--configure): installed fapolicyd package post-installation script subprocess returned error exit status 1 Processing triggers for libc-bin (2.36-8) ... Errors were encountered while processing: fapolicyd --- End Message --- --- Begin Message --- Source: fapolicyd Source-Version: 1.1.7-3 Done: Nobuhiro Iwamatsu We believe that the bug you reported is fixed in the latest version of fapolicyd, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1030...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nobuhiro Iwamatsu (supplier of updated fapolicyd package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 02 Mar 2023 06:54:12 +0900 Source: fapolicyd Architecture: source Version: 1.1.7-3 Distribution: unstable Urgency: medium Maintainer: Nobuhiro Iwamatsu Changed-By: Nobuhiro Iwamatsu Closes: 1030968 Changes: fapolicyd (1.1.7-3) unstable; urgency=medium . * d/fapolicyd.postinst: Create /var/lib/fapolicyd. (Closes: #1030968) * d/fapolicyd.postrm: Remove /var/lib/fapolicyd. Checksums-Sha1: d1fbdd5628a3b808b523a06d4acc523e9b2abefb 2038 fapolicyd_1.1.7-3.dsc b0f678a1ca2fea7b51709e500e10537fd6d68600 8700 fapolicyd_1.1.7-3.debian.tar.xz 8d38af4a12441276ca1ac01e3cc155af5b8d 6310 fapolicyd_1.1.7-3_amd64.buildinfo Checksums-Sha256: b28e94359ec43ac04481b4c3fe74b65c31f6d98ae650c0b2acba339f65b09b3e 2038 fapolicyd_1.1.7-3.dsc 21fc9875cae284fee58ae19ffa2b297ddb4af1a8547025896e6e747896cfb9c9 8700 fapolicyd_1.1.7-3.debian.tar.xz 5639babfef9fb1428c743d42d104b09a30f4f7f2055baeb37f63536c8fb53f98 6310 fapolicyd_1.1.7-3_amd64.buildinfo Files: 2c7625524b310ff8a3b34190eed1bace 2038 utils optional fapolicyd_1.1.7-3.dsc cf5a313d003082069de4794d504bb50a 8700 utils optional fapolicyd_1.1.7-3.debian.tar.xz b448c8ee58ea35e9a5479b36a71390b0 6310 utils optional fapolicyd_1.1.7-3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEXmKe5SMhlzV7hM9DMiR/u0CtH6YFAmP/z8gACgkQMiR/u0Ct H6ZwqQ//W4tNpqbUsfwBLqJ1nC97QwNTuiQmNXmEJ2rlxUo+KumqRoR9OCLWLTkm Rnh9rYBIpqXi58OE8g+2cKuZV5ClC4NWLFvanUP4ZN6nrjEO7IBg3c+BM+z+PYil 0065MNULGKmyqCIQEjISqztvYO1HvudozHYfi4q3Gq4QKabRKSBFfSF5viwSt/Bg wzeVERbxF5F0Y5wnG0gC7t1QmDm9fR+VeRYY+NNj4/3IocVaPw33Vgz6+kMMYZPN R8K1x9+2sb+7ynEeUbhNm/rNzAg81hshcvGrHPksMTvqQJnoywPX+plT8AXcqGiO 0TWZsr3nK3RXIxQQKIW3pkRB6aa+wKve9SpDtBMQXP8WXsk+e+Cd4KpqyWujboPc pwEkKyZduiwLaT2FEpq6K5KtQRet7tI5Hs/WTirZJRkSxxtkmoWCZu9fr9MvE4i9 A16VKnJkQfhKXKgp2k8XMhAjMzau8XeRMGEahVfpnzccfxZIEzljg/KMXh5GyQIp S8PQ+5K1CPk+1Urp+muUtlyFZmuWvj1B7NnnV14ob3b9UfDCTkbkqoSqHBW4F7Sz NwhDBn8oosC4ommYwQdYOb+0v0vUgQtsd6OErD/PiVzVxu0tHOZ0739m5izBRB+7 9WZF/eWlJCIr+rgRvHKYkzDZmVoxLKX3Og7kmElI1ZxG8dNPm5s= =lTy4 -END PGP SIGNATURE End Message ---
Bug#1026539: How much do we lose if we remove theano (+keras, deepnano, invesalius)?
I agree that switching to Aesara is probably the only reasonable option other than removal. (I'd given up on trying to fix 1.0, and was intending to let removal happen.) However, it's a much bigger change than is normally allowed in bookworm at this point. (1.1 includes multiple breaking changes, which is why it's in experimental, but a quick codesearch suggests these parts *may* not be used in keras/deepnano. https://github.com/aesara-devs/aesara/releases?page=8 ) Do you want to ask release team for permission to do this? Or do you want to try the same patches on 1.0? (I suspect that that won't work, but I haven't actually tried it.) (Also, you might not want numpy1p24_compat.patch - the v1p0 branch is currently in whatever state it was in when I gave up on it, and my vague memory is that this was a failed experiment, though I don't know if that meant "actively bad" or just "not a (full) solution".)
Bug#1032221: cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work
As a workaround I created a file /etc/initramfs-tools/hooks/libgcc: . /usr/share/initramfs-tools/hook-functions copy_file library /lib/x86_64-linux-gnu/libgcc_s.so.1 /lib/x86_64-linux-gnu/libgcc_s.so.1 With this hook the lib is copied an I am able to provide a password at login.
Bug#1032221: cryptsetup: libgcc_s.so.1 must be installed for pthread_exit to work
Package: cryptsetup Version: 2:2.6.1-1 Severity: grave Justification: renders package unusable X-Debbugs-Cc: kai.weber+deb...@glorybox.de Dear Maintainer, Today's upgrade triggered a rebuild of the initramfs. After a reboot I can no longer login to my system. Using an older kernel worked. This ist the error message: Please unlock disk nvme0n1p3_crypt: libgcc_s.so.1 must be installed for pthread_exit to work Aborted cryptsetup: ERROR: nvme0n1p3_crypt: cryptsetup failed, bad password or options? Some investigations: - update-initramfs does indeed not copy libpthread.so or libgcc_s.so - none of the binaries copied during the update seem to depend on those libraries - attached is the debug output I added to the copy_exec function (echo "$src $x" >> /tmp/dependencies.log) Doing some research I found an older bug #950254 that helped me debugging the issue -- Package-specific info: -- /proc/cmdline BOOT_IMAGE=/vmlinuz-6.1.0-4-amd64 root=/dev/mapper/dummy--vg-root ro quiet -- /etc/crypttab nvme0n1p3_crypt UUID=e9aff144-a836-49d6-8640-01f4b7c3bb8b none luks,discard -- /etc/fstab # /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # systemd generates mount units based on this file, see systemd.mount(5). # Please run 'systemctl daemon-reload' after making changes here. # # /dev/mapper/dummy--vg-root / ext4errors=remount-ro 0 1 # /boot was on /dev/nvme0n1p2 during installation UUID=0d9a09b3-abe6-4831-ad3a-166f68e6c77f /boot ext2defaults 0 2 # /boot/efi was on /dev/nvme0n1p1 during installation UUID=D114-FD63 /boot/efi vfatumask=0077 0 1 /dev/mapper/dummy--vg-swap_1 noneswapsw 0 0 -- lsmod Module Size Used by snd_usb_audio 376832 1 snd_usbmidi_lib45056 1 snd_usb_audio snd_rawmidi53248 1 snd_usbmidi_lib xt_conntrack 16384 1 nft_chain_nat 16384 3 xt_MASQUERADE 20480 1 nf_nat 57344 2 nft_chain_nat,xt_MASQUERADE nf_conntrack_netlink57344 0 nf_conntrack 188416 4 xt_conntrack,nf_nat,nf_conntrack_netlink,xt_MASQUERADE nf_defrag_ipv6 24576 1 nf_conntrack nf_defrag_ipv4 16384 1 nf_conntrack xfrm_user 53248 1 xfrm_algo 16384 1 xfrm_user xt_addrtype16384 2 nft_compat 20480 4 nf_tables 286720 57 nft_compat,nft_chain_nat libcrc32c 16384 3 nf_conntrack,nf_nat,nf_tables nfnetlink 20480 4 nft_compat,nf_conntrack_netlink,nf_tables br_netfilter 32768 0 bridge311296 1 br_netfilter stp16384 1 bridge llc16384 2 bridge,stp typec_displayport 16384 1 ctr16384 2 ccm20480 6 uhid 20480 1 rfcomm 94208 4 cmac 16384 3 snd_seq_dummy 16384 0 snd_hrtimer16384 1 algif_hash 16384 1 snd_seq90112 7 snd_seq_dummy algif_skcipher 16384 1 snd_seq_device 16384 2 snd_seq,snd_rawmidi af_alg 36864 6 algif_hash,algif_skcipher overlay 159744 0 qrtr 49152 4 bnep 28672 2 binfmt_misc24576 1 nls_ascii 16384 1 nls_cp437 20480 1 vfat 24576 1 fat90112 1 vfat snd_sof_pci_intel_skl16384 0 snd_sof_intel_hda_common 188416 1 snd_sof_pci_intel_skl soundwire_intel49152 1 snd_sof_intel_hda_common soundwire_generic_allocation16384 1 soundwire_intel snd_hda_codec_hdmi 81920 1 soundwire_cadence 40960 1 soundwire_intel snd_sof_intel_hda 20480 1 snd_sof_intel_hda_common snd_sof_pci24576 2 snd_sof_intel_hda_common,snd_sof_pci_intel_skl snd_sof_xtensa_dsp 16384 1 snd_sof_intel_hda_common iwlmvm385024 0 snd_sof 274432 2 snd_sof_pci,snd_sof_intel_hda_common snd_ctl_led24576 0 intel_pmc_core_pltdrv16384 0 intel_pmc_core 53248 0 snd_hda_codec_realtek 172032 1 snd_sof_utils 20480 1 snd_sof soundwire_bus 102400 3 soundwire_intel,soundwire_generic_allocation,soundwire_cadence x86_pkg_temp_thermal20480 0 intel_powerclamp 20480 0 snd_hda_codec_generic98304 1 snd_hda_codec_realtek joydev 28672 0 coretemp 20480 0 mac80211 1171456 1 iwlmvm snd_soc_skl 184320 0 btusb 65536 0 snd_soc_hdac_hda 24576 2 snd_sof_intel_hda_common,snd_soc_skl mei_hdcp 24576 0 snd_hda_ext_core 40960 3
Processed: closing 1020318
Processing commands for cont...@bugs.debian.org: > close 1020318 Bug #1020318 [src:syslog-ng] syslog-ng: binary-all FTBFS Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 1020318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020318 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: closing 1010052
Processing commands for cont...@bugs.debian.org: > close 1010052 Bug #1010052 [src:mysql-8.0] mysql-8.0 FTBFS: error: ‘size_t’ has not been declared Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 1010052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010052 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: closing 988145
Processing commands for cont...@bugs.debian.org: > close 988145 Bug #988145 [src:libmail-dkim-perl] libmail-dkim-perl in buster accesses the internet during the build Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 988145: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988145 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: closing 988149
Processing commands for cont...@bugs.debian.org: > close 988149 Bug #988149 [src:mozjs60] mozjs60: Missing build dependency on tzdata Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 988149: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988149 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: closing 972663
Processing commands for cont...@bugs.debian.org: > close 972663 Bug #972663 [src:jsunit] jsunit needs updating in stable Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 972663: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972663 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: closing 906835
Processing commands for cont...@bugs.debian.org: > close 906835 Bug #906835 [src:pdf.js] xul-ext-pdf.js no longer works with firefox-esr 60 Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 906835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906835 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1021165: marked as done (armhf: floatn-common.h:214:9: error: multiple types in one declaration)
Your message dated Wed, 1 Mar 2023 20:36:26 +0100 with message-id and subject line Re: floatn-common.h:214:9: error: multiple types in one declaration has caused the Debian Bug report #1021165, regarding armhf: floatn-common.h:214:9: error: multiple types in one declaration to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1021165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021165 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: gcc-snapshot Version: 1:20220920-1 Severity: grave Per original reference: --- Comment #1 from Andrew Pinski --- Is this a packaging issue? > ignoring nonexistent directory > "/usr/lib/gcc-snapshot/lib/gcc/arm-linux-gnueabihf/13/include-fixed/arm-linux-gnueabihf" ignoring nonexistent directory "/usr/lib/gcc-snapshot/lib/gcc/arm-linux-gnueabihf/13/include-fixed" Gcc 13 requires some (older) glibc headers to be fixed up . See: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107128 --- End Message --- --- Begin Message --- Version: 2.36-7 On 2023-02-28 08:48, Mathieu Malaterre wrote: > Control: reassign -1 libc6.1-dev 2.36-5 > > Looks like the issue is not fixed on ia64 / sparc64. The issue has been fixed in version 2.36-7 with the following change, so this is definitely expected that the issue is reproducible with version 2.36-5: * debian/patches/any/git-floatn-gcc-13-support.diff: backport FloatN support for GCC 13 from upstream. Closes: #1022166. I am aware that version 2.36-5 is the latest version available on ia64 and sparc64, as glibc FTBFS on those architectures due to testsuite issues, but this has been like that for many years and porters do not care. I guess they'll do a build with nocheck at some point. Regards Aurelien -- Aurelien Jarno GPG: 4096R/1DDD8C9B aurel...@aurel32.net http://www.aurel32.net--- End Message ---
Bug#1032168: meson: autopkgtest fills disk completely
Hi Jussi, On 01-03-2023 00:17, Jussi Pakkanen wrote: On Tue, 28 Feb 2023 at 23:30, Paul Gevers wrote: With your last upload of meson, we're seeing issues on ci.debian.net. It turns out that the autopkgtest of meson is using so much disk space that the most of our hosts runs out of it when meson is tested. This is weird. As far as we know we have not made any changes that should affect disk usage in 1.0.1. Well, maybe something that meson uses has changed? Is /tmp on the same file system as the rest of the image or is it a separate partition? Inside the lxc container, everything is on the same partition. Or are you really interested on the host that runs autopkgtest? There it's not the same across the workers. Is it possible to know how close to filling up the disk the old succeeding builds got? No, but e.g. on s390x it never ever came close to filling the disk, so the peaks of before today here are really new: https://ci.debian.net/munin/ci-worker-s390x-01/ci-worker-s390x-01/df.html (but apparently another package is also suddenly misbehaving, so maybe it's indeed something *below* meson. I'll try to figure out tonight or tomorrow morning. And how much disk space is given to the build in total? I've wished for a long time to provide that information on our site. To be able to quickly provide the info, I decided to quickly set up this wiki: https://wiki.debian.org/ContinuousIntegration/WorkerSpecs Paul OpenPGP_signature Description: OpenPGP digital signature
Processed: Re: Bug#1032165: gcc-12-cross-ports: not binNMU safe
Processing control commands: > clone -1 -2 -3 -4 Bug #1032165 [src:gcc-12-cross-ports] gcc-12-cross-ports: not binNMU safe Bug 1032165 cloned as bugs 1032216-1032218 > reassign -2 gcc-9-cross-ports 25 Bug #1032216 [src:gcc-12-cross-ports] gcc-12-cross-ports: not binNMU safe Bug reassigned from package 'src:gcc-12-cross-ports' to 'gcc-9-cross-ports'. No longer marked as found in versions gcc-12-cross-ports/12. Ignoring request to alter fixed versions of bug #1032216 to the same values previously set Bug #1032216 [gcc-9-cross-ports] gcc-12-cross-ports: not binNMU safe There is no source info for the package 'gcc-9-cross-ports' at version '25' with architecture '' Unable to make a source version for version '25' Marked as found in versions 25. > retitle -2 gcc-9-cross-ports: not binNMU-safe Bug #1032216 [gcc-9-cross-ports] gcc-12-cross-ports: not binNMU safe Changed Bug title to 'gcc-9-cross-ports: not binNMU-safe' from 'gcc-12-cross-ports: not binNMU safe'. > reassign -3 gcc-9-cross 27 Bug #1032217 [src:gcc-12-cross-ports] gcc-12-cross-ports: not binNMU safe Bug reassigned from package 'src:gcc-12-cross-ports' to 'gcc-9-cross'. No longer marked as found in versions gcc-12-cross-ports/12. Ignoring request to alter fixed versions of bug #1032217 to the same values previously set Bug #1032217 [gcc-9-cross] gcc-12-cross-ports: not binNMU safe There is no source info for the package 'gcc-9-cross' at version '27' with architecture '' Unable to make a source version for version '27' Marked as found in versions 27. > retitle -3 gcc-9-cross: not binNMU-safe Bug #1032217 [gcc-9-cross] gcc-12-cross-ports: not binNMU safe Changed Bug title to 'gcc-9-cross: not binNMU-safe' from 'gcc-12-cross-ports: not binNMU safe'. > reassign -4 gcc-10-cross-mipsen 3+c5 Bug #1032218 [src:gcc-12-cross-ports] gcc-12-cross-ports: not binNMU safe Bug reassigned from package 'src:gcc-12-cross-ports' to 'gcc-10-cross-mipsen'. No longer marked as found in versions gcc-12-cross-ports/12. Ignoring request to alter fixed versions of bug #1032218 to the same values previously set Bug #1032218 [gcc-10-cross-mipsen] gcc-12-cross-ports: not binNMU safe There is no source info for the package 'gcc-10-cross-mipsen' at version '3+c5' with architecture '' Unable to make a source version for version '3+c5' Marked as found in versions 3+c5. > retitle -4 gcc-10-cross-mipsen: not binNMU-safe Bug #1032218 [gcc-10-cross-mipsen] gcc-12-cross-ports: not binNMU safe Changed Bug title to 'gcc-10-cross-mipsen: not binNMU-safe' from 'gcc-12-cross-ports: not binNMU safe'. -- 1032165: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032165 1032216: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032216 1032217: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032217 1032218: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032218 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032165: gcc-12-cross-ports: not binNMU safe
Control: clone -1 -2 -3 -4 Control: reassign -2 gcc-9-cross-ports 25 Control: retitle -2 gcc-9-cross-ports: not binNMU-safe Control: reassign -3 gcc-9-cross 27 Control: retitle -3 gcc-9-cross: not binNMU-safe Control: reassign -4 gcc-10-cross-mipsen 3+c5 Control: retitle -4 gcc-10-cross-mipsen: not binNMU-safe On 2023-02-28 22:18:14 +0100, Sebastian Ramacher wrote: > Control: clone -1 -2 > Control: reassign -2 gcc-11-cross-mipsen 5+c3 > Control: retitle -2 gcc-11-cross-mipsen: not binNMU-safe > > On 2023-02-28 22:13:59 +0100, Sebastian Ramacher wrote: > > Source: gcc-12-cross-ports > > Version: 12 > > Severity: serious > > > > The method to compute the version of the binary packages is not > > binNMU-safe. This can be seen from the latest round of binNMUs to > > rebuild for outdated Built-Using fields. See > > https://buildd.debian.org/status/fetch.php?pkg=gcc-12-cross-ports=amd64=12%2Bb1=1677602107=0 > > > > As it can be seen from the log, the version computed for the binary > > packages is the same as the one of the build of the initial upload of > > version 12. The binNMU version -- b1 in this case -- is missing. > > gcc-11-cross-mipsen is affected by the same issue. Cloning and > reassigning. … and there are more. Cheers -- Sebastian Ramacher
Bug#995156: easy-rsa: vars Autodetection
On Tue, Feb 14, 2023 at 10:28:16PM +0100, Lee Garrett wrote: > I'm bumping the bug severity because currently it will ignore > security-relevant settings like keysize and algo, and the defaults are > pretty weak. Has anyone discussed this with upstream? This seems to be an area with frequent changes upstream, adding a patch that is not a backport from upstream might be a bad idea. cu Adrian
Processed: Re: Bug#1012016: libapache-poi-java breaks octave-io autopkgtest: assert (size (d) == [1001, 2]) failed
Processing control commands: > severity -1 important Bug #1012016 [libapache-poi-java] libapache-poi-java needs updates for newer xmlbeans Severity set to 'important' from 'serious' -- 1012016: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012016 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032188: old old stable debdiff
Hi,
The old old stable debdiff now
diff -Nru node-css-what-2.1.0/debian/changelog node-css-what-2.1.0/debian/changelog
--- node-css-what-2.1.0/debian/changelog 2016-02-05 20:41:17.0 +
+++ node-css-what-2.1.0/debian/changelog 2023-03-01 15:33:15.0 +
@@ -1,3 +1,15 @@
+node-css-what (2.1.0-1+deb9u1) stretch-security; urgency=medium
+
+ * Team upload
+ * node-css-what was vulnerable to Regular Expression Denial of Service
+(ReDoS) due to the usage of insecure regular expression in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable; urgency=medium
* new upstream version
diff -Nru node-css-what-2.1.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch node-css-what-2.1.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch
--- node-css-what-2.1.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch 1970-01-01 00:00:00.0 +
+++ node-css-what-2.1.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch 2023-03-01 15:33:15.0 +
@@ -0,0 +1,37 @@
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?=
+Date: Wed, 1 Mar 2023 15:08:01 +
+Subject: Partial fix of reDos CVE-2022-21222/CVE-2021-33587: attribute
+ selector
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Per https://w3c.github.io/csswg-drafts/selectors/#attribute-selectors only = ~= |= ^= $= *= are supported.
+
+Add also != that is checked as invalid latter in order to pass testsuite.
+
+So replace \S by [~|^$*!]
+
+Signed-off-by: Bastien Roucariès
+bug-debian: https://bugs.debian.org/989264
+bug-debian: https://bugs.debian.org/1032188
+bug: https://www.cve.org/CVERecord?id=CVE-2022-21222
+bug: https://www.cve.org/CVERecord?id=CVE-2021-33587
+Signed-off-by: Bastien Roucariès
+---
+ index.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/index.js b/index.js
+index 859324c..d7105f9 100644
+--- a/index.js
b/index.js
+@@ -5,7 +5,7 @@ module.exports = parse;
+ var re_name = /^(?:\\.|[\w\-\u00c0-\u])+/,
+ re_escape = /\\([\da-f]{1,6}\s?|(\s)|.)/ig,
+ //modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
+-re_attr = /^\s*((?:\\.|[\w\u00c0-\u\-])+)\s*(?:(\S?)=\s*(?:(['"])(.*?)\3|(#?(?:\\.|[\w\u00c0-\u\-])*)|)|)\s*(i)?\]/;
++re_attr = /^\s*((?:\\.|[\w\u00c0-\u\-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])(.*?)\3|(#?(?:\\.|[\w\u00c0-\u\-])*)|)|)\s*(i)?\]/;
+
+ var actionTypes = {
+ __proto__: null,
diff -Nru node-css-what-2.1.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch node-css-what-2.1.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch
--- node-css-what-2.1.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch 1970-01-01 00:00:00.0 +
+++ node-css-what-2.1.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch 2023-03-01 15:33:15.0 +
@@ -0,0 +1,43 @@
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?=
+Date: Wed, 1 Mar 2023 15:15:20 +
+Subject: Partial fix of ReDos CVE-2022-21222/CVE-2021-33587: trim string
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Trim left the string avoiding a \s* at the beginning of the string, thus avoiding part of complexity.
+
+bug-debian: https://bugs.debian.org/989264
+bug-debian: https://bugs.debian.org/1032188
+bug: https://www.cve.org/CVERecord?id=CVE-2022-21222
+bug: https://www.cve.org/CVERecord?id=CVE-2021-33587
+Signed-off-by: Bastien Roucariès
+---
+ index.js | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/index.js b/index.js
+index d7105f9..1e7f145 100644
+--- a/index.js
b/index.js
+@@ -5,7 +5,7 @@ module.exports = parse;
+ var re_name = /^(?:\\.|[\w\-\u00c0-\u])+/,
+ re_escape = /\\([\da-f]{1,6}\s?|(\s)|.)/ig,
+ //modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
+-re_attr = /^\s*((?:\\.|[\w\u00c0-\u\-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])(.*?)\3|(#?(?:\\.|[\w\u00c0-\u\-])*)|)|)\s*(i)?\]/;
++re_attr = /^((?:\\.|[\w\u00c0-\u\-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])(.*?)\3|(#?(?:\\.|[\w\u00c0-\u\-])*)|)|)\s*(i)?\]/;
+
+ var actionTypes = {
+ __proto__: null,
+@@ -146,7 +146,10 @@ function parseSelector(subselects, selector, options){
+ ignoreCase: false
+ });
+ } else if(firstChar === "["){
+-selector = selector.substr(1);
++ selector = selector.substr(1);
++ var wspace = selector.match(/^\s*/);
++ var woffset = !wspace ? 0 : wspace[0].length;
++ selector =
Bug#1012016: libapache-poi-java breaks octave-io autopkgtest: assert (size (d) == [1001, 2]) failed
Control: severity -1 important Le mardi 31 janvier 2023 à 18:09 +0100, Sébastien Villemot a écrit : > Alternatively, I could try to patch octave-io so that it no longer uses > libapache-poi-java for reading XLSX files. That is an inferior > solution, because that will remove an important functionality from the > package, but I may not have the choice. I ended up implementing this “solution” in octave-io 2.4.6-3. So in effect it no longer relies on libapache-poi-java + libxmlbeans-java for reading XLSX files (fortunately octave-io has another, less efficient, backend for reading XLSX files). As a consequence, downgrading the severity of this bug. -- ⢀⣴⠾⠻⢶⣦⠀ Sébastien Villemot ⣾⠁⢠⠒⠀⣿⡁ Debian Developer ⢿⡄⠘⠷⠚⠋⠀ https://sebastien.villemot.name ⠈⠳⣄ https://www.debian.org signature.asc Description: This is a digitally signed message part
Bug#1029821: change gnome-desktop's default choice of Japanese input methods for Debian
Package: libgnome-desktop-4-2 Followup-For: Bug #1029821 X-Debbugs-Cc: yy.y.ja...@gmail.com I'd like to contribute by testing d-i with Japanese input (I'm not a Japanese speaker, but can offer some time to help). My plan is to: 1. run the graphical d-i install of a fresh GNOME 43 system 2. select 'anthy' in 'gnome-initial-setup' 3. attempt Japanese keyboard input 4. run the graphical d-i install of a fresh GNOME 43 system 5. select 'mozc-jp' in 'gnome-initial-setup' 6. attempt Japanese keyboard input For each path I may need help: how will I verify that Japanese input support is working? (maybe a naive question, but I don't know; I will search the web to find out soon, but any guidance before then would be appreciated) Also: My understanding is that the _only_ difference that the patch will make is that it will change the default in 'gnome-initial-setup'. Users could still choose 'anthy' -- or another input method -- if they want, for some reason. Is that correct?
Bug#1032188: Old stable debdiff
Hi,
The debdiff for buster. Please review, will upload, after a while.
ReDoS was checked by using (not yet packaged) rechek.
Bastiendiff -Nru node-css-what-2.1.0/debian/changelog node-css-what-2.1.0/debian/changelog
--- node-css-what-2.1.0/debian/changelog 2016-02-05 20:41:17.0 +
+++ node-css-what-2.1.0/debian/changelog 2023-03-01 15:33:15.0 +
@@ -1,3 +1,15 @@
+node-css-what (2.1.0-1+deb10u1) buster-security; urgency=medium
+
+ * Team upload
+ * node-css-what was vulnerable to Regular Expression Denial of Service
+(ReDoS) due to the usage of insecure regular expression in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 15:33:15 +
+
node-css-what (2.1.0-1) unstable; urgency=medium
* new upstream version
diff -Nru node-css-what-2.1.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch node-css-what-2.1.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch
--- node-css-what-2.1.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch 1970-01-01 00:00:00.0 +
+++ node-css-what-2.1.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch 2023-03-01 15:29:40.0 +
@@ -0,0 +1,37 @@
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?=
+Date: Wed, 1 Mar 2023 15:08:01 +
+Subject: Partial fix of reDos CVE-2022-21222/CVE-2021-33587: attribute
+ selector
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Per https://w3c.github.io/csswg-drafts/selectors/#attribute-selectors only = ~= |= ^= $= *= are supported.
+
+Add also != that is checked as invalid latter in order to pass testsuite.
+
+So replace \S by [~|^$*!]
+
+Signed-off-by: Bastien Roucariès
+bug-debian: https://bugs.debian.org/989264
+bug-debian: https://bugs.debian.org/1032188
+bug: https://www.cve.org/CVERecord?id=CVE-2022-21222
+bug: https://www.cve.org/CVERecord?id=CVE-2021-33587
+Signed-off-by: Bastien Roucariès
+---
+ index.js | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/index.js b/index.js
+index 859324c..d7105f9 100644
+--- a/index.js
b/index.js
+@@ -5,7 +5,7 @@ module.exports = parse;
+ var re_name = /^(?:\\.|[\w\-\u00c0-\u])+/,
+ re_escape = /\\([\da-f]{1,6}\s?|(\s)|.)/ig,
+ //modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
+-re_attr = /^\s*((?:\\.|[\w\u00c0-\u\-])+)\s*(?:(\S?)=\s*(?:(['"])(.*?)\3|(#?(?:\\.|[\w\u00c0-\u\-])*)|)|)\s*(i)?\]/;
++re_attr = /^\s*((?:\\.|[\w\u00c0-\u\-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])(.*?)\3|(#?(?:\\.|[\w\u00c0-\u\-])*)|)|)\s*(i)?\]/;
+
+ var actionTypes = {
+ __proto__: null,
diff -Nru node-css-what-2.1.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch node-css-what-2.1.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch
--- node-css-what-2.1.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch 1970-01-01 00:00:00.0 +
+++ node-css-what-2.1.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch 2023-03-01 15:29:40.0 +
@@ -0,0 +1,43 @@
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?=
+Date: Wed, 1 Mar 2023 15:15:20 +
+Subject: Partial fix of ReDos CVE-2022-21222/CVE-2021-33587: trim string
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Trim left the string avoiding a \s* at the beginning of the string, thus avoiding part of complexity.
+
+bug-debian: https://bugs.debian.org/989264
+bug-debian: https://bugs.debian.org/1032188
+bug: https://www.cve.org/CVERecord?id=CVE-2022-21222
+bug: https://www.cve.org/CVERecord?id=CVE-2021-33587
+Signed-off-by: Bastien Roucariès
+---
+ index.js | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/index.js b/index.js
+index d7105f9..1e7f145 100644
+--- a/index.js
b/index.js
+@@ -5,7 +5,7 @@ module.exports = parse;
+ var re_name = /^(?:\\.|[\w\-\u00c0-\u])+/,
+ re_escape = /\\([\da-f]{1,6}\s?|(\s)|.)/ig,
+ //modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
+-re_attr = /^\s*((?:\\.|[\w\u00c0-\u\-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])(.*?)\3|(#?(?:\\.|[\w\u00c0-\u\-])*)|)|)\s*(i)?\]/;
++re_attr = /^((?:\\.|[\w\u00c0-\u\-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])(.*?)\3|(#?(?:\\.|[\w\u00c0-\u\-])*)|)|)\s*(i)?\]/;
+
+ var actionTypes = {
+ __proto__: null,
+@@ -146,7 +146,10 @@ function parseSelector(subselects, selector, options){
+ ignoreCase: false
+ });
+ } else if(firstChar === "["){
+-selector = selector.substr(1);
++ selector = selector.substr(1);
++ var wspace = selector.match(/^\s*/);
++
Bug#1032186: [Pkg-raspi-maintainers] Bug#1032186: raspi-firmware: Can make removing a kernel image fail and causing "apt upgrade" to fail early, too
Hi Diederik, Diederik de Haas wrote: > On Wednesday, 1 March 2023 12:48:49 CET Axel Beckert wrote: > > A patch (without the proper indentation probably wanted for readability) > > which seems to have helped for me: […] > https://salsa.debian.org/debian/raspi-firmware/-/merge_requests/32 contains a > variation of your patch. Thanks! Regards, Axel -- ,''`. | Axel Beckert , https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `-| 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDE
Processed: severity of 1010667 is grave
Processing commands for cont...@bugs.debian.org: > severity 1010667 grave Bug #1010667 [src:ruby-xmlhash] ruby-xmlhash: CVE-2022-21949 - Improper Restriction of XML External Entity Reference Severity set to 'grave' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 1010667: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010667 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: notfound 1031586 in 1.3.1-4
Processing commands for cont...@bugs.debian.org:
> notfound 1031586 1.3.1-4
Bug #1031586 {Done: Roland Mas } [src:deap] deap: FTBFS in
testing: AttributeError: module 'numpy' has no attribute 'bool'
Ignoring request to alter found versions of bug #1031586 to the same values
previously set
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1031586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1009401: marked as done (plover: FTBFS: E AttributeError: module 'collections' has no attribute 'Sequence')
Your message dated Wed, 01 Mar 2023 11:11:54 -0500 with message-id <3f1129bb127265fb60252a05b9c703a72c661986.ca...@debian.org> and subject line Re: plover: FTBFS: E AttributeError: module 'collections' has no attribute 'Sequence' has caused the Debian Bug report #1009401, regarding plover: FTBFS: E AttributeError: module 'collections' has no attribute 'Sequence' to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1009401: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009401 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: plover Version: 4.0.0~dev8~66~g685bd33-2 Severity: serious Justification: FTBFS Tags: bookworm sid ftbfs User: lu...@debian.org Usertags: ftbfs-20220412 ftbfs-bookworm Hi, During a rebuild of all packages in sid, your package failed to build on amd64. Relevant part (hopefully): > make[1]: Entering directory '/<>' > python3 -m pytest > = test session starts > == > platform linux -- Python 3.10.4, pytest-6.2.5, py-1.10.0, pluggy-1.0.0 > rootdir: /<> > collected 0 items / 19 errors > > ERRORS > > ERROR collecting test/test_blackbox.py > > /usr/lib/python3.10/importlib/__init__.py:126: in import_module > return _bootstrap._gcd_import(name[level:], package, level) > :1050: in _gcd_import > ??? > :1027: in _find_and_load > ??? > :992: in _find_and_load_unlocked > ??? > :241: in _call_with_frames_removed > ??? > :1050: in _gcd_import > ??? > :1027: in _find_and_load > ??? > :1006: in _find_and_load_unlocked > ??? > :688: in _load_unlocked > ??? > :883: in exec_module > ??? > :241: in _call_with_frames_removed > ??? > test/__init__.py:13: in > system.setup(DEFAULT_SYSTEM_NAME) > plover/system/__init__.py:62: in setup > system_symbols[symbol] = init(mod) > plover/system/__init__.py:44: in > 'SUFFIX_KEYS' : lambda mod: _suffix_keys(mod.SUFFIX_KEYS), > plover/system/__init__.py:36: in _suffix_keys > assert isinstance(keys, collections.Sequence) > E AttributeError: module 'collections' has no attribute 'Sequence' > _ ERROR collecting test/test_config.py > _ > /usr/lib/python3.10/importlib/__init__.py:126: in import_module > return _bootstrap._gcd_import(name[level:], package, level) > :1050: in _gcd_import > ??? > :1027: in _find_and_load > ??? > :992: in _find_and_load_unlocked > ??? > :241: in _call_with_frames_removed > ??? > :1050: in _gcd_import > ??? > :1027: in _find_and_load > ??? > :1006: in _find_and_load_unlocked > ??? > :688: in _load_unlocked > ??? > :883: in exec_module > ??? > :241: in _call_with_frames_removed > ??? > test/__init__.py:13: in > system.setup(DEFAULT_SYSTEM_NAME) > plover/system/__init__.py:62: in setup > system_symbols[symbol] = init(mod) > plover/system/__init__.py:44: in > 'SUFFIX_KEYS' : lambda mod: _suffix_keys(mod.SUFFIX_KEYS), > plover/system/__init__.py:36: in _suffix_keys > assert isinstance(keys, collections.Sequence) > E AttributeError: module 'collections' has no attribute 'Sequence' > __ ERROR collecting test/test_default_dict.py > __ > /usr/lib/python3.10/importlib/__init__.py:126: in import_module > return _bootstrap._gcd_import(name[level:], package, level) > :1050: in _gcd_import > ??? > :1027: in _find_and_load > ??? > :992: in _find_and_load_unlocked > ??? > :241: in _call_with_frames_removed > ??? > :1050: in _gcd_import > ??? > :1027: in _find_and_load > ??? > :1006: in _find_and_load_unlocked > ??? > :688: in _load_unlocked > ??? > :883: in exec_module > ??? > :241: in _call_with_frames_removed > ??? > test/__init__.py:13: in > system.setup(DEFAULT_SYSTEM_NAME) > plover/system/__init__.py:62: in setup > system_symbols[symbol] = init(mod) > plover/system/__init__.py:44: in > 'SUFFIX_KEYS' : lambda mod: _suffix_keys(mod.SUFFIX_KEYS), > plover/system/__init__.py:36: in _suffix_keys > assert isinstance(keys, collections.Sequence) > E AttributeError: module 'collections' has no attribute 'Sequence' > _ ERROR collecting test/test_engine.py > _ > /usr/lib/python3.10/importlib/__init__.py:126: in import_module > return _bootstrap._gcd_import(name[level:], package, level) > :1050: in _gcd_import >
Bug#1032186: [Pkg-raspi-maintainers] Bug#1032186: raspi-firmware: Can make removing a kernel image fail and causing "apt upgrade" to fail early, too
On Wednesday, 1 March 2023 12:48:49 CET Axel Beckert wrote:
> A patch (without the proper indentation probably wanted for readability)
> which seems to have helped for me:
>
> diff --git a/kernel/postinst.d/z50-raspi-firmware
> b/kernel/postinst.d/z50-raspi-firmware index 1d3ae16..d898847 100755
> --- a/kernel/postinst.d/z50-raspi-firmware
> +++ b/kernel/postinst.d/z50-raspi-firmware
> @@ -115,6 +115,7 @@ else
>dtb_path="/usr/lib/linux-image-${latest_kernel#/boot/vmlinuz-}"
> fi
>
> +if [ "$1" != "remove" ]; then
> if [ "$KERNEL" = "auto" ] ; then
>for dtb in "${dtb_path}"/bcm*.dtb; do
> [ -e "${dtb}" ] || continue
> @@ -128,6 +129,7 @@ if [ "$KERNEL" = "auto" ] ; then
>cp "$latest_kernel" /boot/firmware/
>cp "$latest_initrd" /boot/firmware/
> fi
> +fi
https://salsa.debian.org/debian/raspi-firmware/-/merge_requests/32 contains a
variation of your patch.
signature.asc
Description: This is a digitally signed message part.
Bug#1031586: marked as done (deap: FTBFS in testing: AttributeError: module 'numpy' has no attribute 'bool')
Your message dated Wed, 1 Mar 2023 16:55:14 +0100
with message-id <94f1b2ec-2797-99a2-2853-9090bedc0...@debian.org>
and subject line #1031586 (deap FTBFS): No longer applies in current bookworm
has caused the Debian Bug report #1031586,
regarding deap: FTBFS in testing: AttributeError: module 'numpy' has no
attribute 'bool'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1031586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031586
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: deap
Version: 1.3.1-3
Severity: serious
Justification: FTBFS
Tags: bookworm sid ftbfs
User: lu...@debian.org
Usertags: ftbfs-20230217 ftbfs-bookworm
Hi,
During a rebuild of all packages in testing (bookworm), your package failed
to build on amd64.
Relevant part (hopefully):
> make[2]: Entering directory '/<>/doc'
> PYTHONPATH=/<>/../ sphinx-build -b html -d _build/doctrees .
> _build/html
> Running Sphinx v5.3.0
> Matplotlib created a temporary config/cache directory at
> /tmp/matplotlib-sjrce1n5 because the default path
> (/sbuild-nonexistent/.config/matplotlib) is not a writable directory; it is
> highly recommended to set the MPLCONFIGDIR environment variable to a writable
> directory, in particular to speed up the import of Matplotlib and to better
> support multiprocessing.
> making output directory... done
> WARNING: favicon file 'deap_orange_icon_32.ico' does not exist
> loading intersphinx inventory from http://docs.python.org/objects.inv...
> loading intersphinx inventory from
> http://docs.scipy.org/doc/numpy/objects.inv...
> WARNING: failed to reach any of the inventories with the following issues:
> intersphinx inventory 'http://docs.python.org/objects.inv' not fetchable due
> to :
> HTTPConnectionPool(host='127.0.0.1', port=9): Max retries exceeded with url:
> http://docs.python.org/objects.inv (Caused by ProxyError('Cannot connect to
> proxy.', NewConnectionError(' 0x7f2346f40b10>: Failed to establish a new connection: [Errno 111] Connection
> refused')))
> WARNING: failed to reach any of the inventories with the following issues:
> intersphinx inventory 'http://docs.scipy.org/doc/numpy/objects.inv' not
> fetchable due to :
> HTTPConnectionPool(host='127.0.0.1', port=9): Max retries exceeded with url:
> http://docs.scipy.org/doc/numpy/objects.inv (Caused by ProxyError('Cannot
> connect to proxy.', NewConnectionError(' object at 0x7f2346f43550>: Failed to establish a new connection: [Errno 111]
> Connection refused')))
> WARNING: extlinks: Sphinx-6.0 will require a caption string to contain
> exactly one '%s' and all other '%' need to be escaped as '%%'.
> building [mo]: targets for 0 po files that are out of date
> building [html]: targets for 43 source files that are out of date
> updating environment: [new config] 43 added, 0 changed, 0 removed
> reading sources... [ 2%] about
> reading sources... [ 4%] api/algo
> reading sources... [ 6%] api/base
> reading sources... [ 9%] api/benchmarks
> reading sources... [ 11%] api/creator
> reading sources... [ 13%] api/gp
> reading sources... [ 16%] api/index
> reading sources... [ 18%] api/tools
> reading sources... [ 20%] contributing
> reading sources... [ 23%] examples/bipop_cmaes
> reading sources... [ 25%] examples/cmaes
> reading sources... [ 27%] examples/cmaes_plotting
> reading sources... [ 30%] examples/coev_coop
> reading sources... [ 32%] examples/eda
> reading sources... [ 34%] examples/es_fctmin
> reading sources... [ 37%] examples/es_onefifth
> reading sources... [ 39%] examples/ga_knapsack
> reading sources... [ 41%] examples/ga_onemax
> reading sources... [ 44%] examples/ga_onemax_numpy
> reading sources... [ 46%] examples/ga_onemax_short
> reading sources... [ 48%] examples/gp_ant
> reading sources... [ 51%] examples/gp_multiplexer
> reading sources... [ 53%] examples/gp_parity
> reading sources... [ 55%] examples/gp_spambase
> reading sources... [ 58%] examples/gp_symbreg
> reading sources... [ 60%] examples/index
> reading sources... [ 62%] examples/nsga3
> reading sources... [ 65%] examples/pso_basic
> reading sources... [ 67%] examples/pso_multiswarm
> reading sources... [ 69%] index
> reading sources... [ 72%] installation
> reading sources... [ 74%] overview
> reading sources... [ 76%] porting
> reading sources... [ 79%] releases
> reading sources... [ 81%] tutorials/advanced/benchmarking
> reading sources... [ 83%] tutorials/advanced/checkpoint
> reading sources... [ 86%] tutorials/advanced/constraints
> reading sources... [ 88%] tutorials/advanced/gp
> reading sources... [ 90%]
Processed: severity of 1021662 is grave
Processing commands for cont...@bugs.debian.org: > severity 1021662 grave Bug #1021662 [src:libosip2] libosip2: CVE-2022-41550 Severity set to 'grave' from 'important' > thanks Stopping processing here. Please contact me if you need assistance. -- 1021662: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021662 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1026539: How much do we lose if we remove theano (+keras, deepnano, invesalius)?
Control: tags -1 pending Hi, > Andrius Merkys wrote: > That said, it is OK to omit keras in bookworm if need be, but I would > like to see it back for trixie. I've spent some time into theano and it builds and runs its test suite in Salsa CI[1]. Since despite some tests are failing in my local pbuilder environment I'd be happy if someone else could run some test build before uploading. I decided for the latest upstream that was prepared by Rebecca and I also sneaked into the aesara fork[2] to copy some solutions they found for numpy 1.24 compatibility. I think we can not really loose much by taking this code from experimental since if we break something it can be removed which is the consensus we've somehow found before. In case it might work we have saved something for bookworm. Regarding future releases we should probably check whether those packages we want to save will work with aesara. Kind regards Andreas. [1] https://salsa.debian.org/science-team/theano/-/pipelines/506598 [2] https://github.com/aesara-devs/aesara -- http://fam-tille.de
Processed: bug 1026543 is forwarded to https://github.com/jarus/flask-testing/issues/158
Processing commands for cont...@bugs.debian.org: > forwarded 1026543 https://github.com/jarus/flask-testing/issues/158 Bug #1026543 [src:flask-testing] flask-testing: FTBFS: RuntimeError: Failed to start the server after 5 seconds. Set Bug forwarded-to-address to 'https://github.com/jarus/flask-testing/issues/158'. > thanks Stopping processing here. Please contact me if you need assistance. -- 1026543: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026543 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: How much do we lose if we remove theano (+keras, deepnano, invesalius)?
Processing control commands: > tags -1 pending Bug #1027215 [src:theano] theano: autopkgtest fail with numpy/1.24.1 Added tag(s) pending. -- 1027215: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027215 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: Re: How much do we lose if we remove theano (+keras, deepnano, invesalius)?
Processing control commands:
> tags -1 pending
Bug #1026539 [src:theano] theano: FTBFS: dh_auto_test: error: pybuild --test
--test-pytest -i python{version} -p 3.10 returned exit code 13
Added tag(s) pending.
--
1026539: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026539
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1031622: d-i regression in weekly builds: FEATURE_C12 unsupported by the installed e2fsck
Note that updating ext2fs with these new features also breaks other software components like refind (volume detection) in bookworm (this is how I came to this bug).
Processed: Re: change gnome-desktop's default choice of Japanese input methods
Processing control commands: > severity -1 grave Bug #1029821 [libgnome-desktop-4-2] change gnome-desktop's default choice of Japanese input methods for Debian Severity set to 'grave' from 'important' -- 1029821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029821 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032188: debdiff
Dear security team,
For bullseye will you find the debdiff attached.
Waiting for your instruction
Bastiendiff -Nru node-css-what-4.0.0/debian/changelog node-css-what-4.0.0/debian/changelog
--- node-css-what-4.0.0/debian/changelog 2021-01-09 21:06:15.0 +
+++ node-css-what-4.0.0/debian/changelog 2023-03-01 13:47:23.0 +
@@ -1,3 +1,15 @@
+node-css-what (4.0.0-3+deb11u1) bullseye-security; urgency=medium
+
+ * Team upload
+ * node-css-what was vulnerable to Regular Expression Denial of Service
+(ReDoS) due to the usage of insecure regular expression in the
+re_attr variable.
+The exploitation of this vulnerability could be triggered
+via the parse function.
+Fix CVE-2022-21222, CVE-2021-33587 (Closes: #989264, #1032188)
+
+ -- Bastien Roucariès Wed, 01 Mar 2023 13:47:23 +
+
node-css-what (4.0.0-3) unstable; urgency=medium
* Team upload
diff -Nru node-css-what-4.0.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch node-css-what-4.0.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch
--- node-css-what-4.0.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch 1970-01-01 00:00:00.0 +
+++ node-css-what-4.0.0/debian/patches/0001-Partial-fix-of-reDos-CVE-2022-21222-CVE-2021-33587-a.patch 2023-03-01 13:47:23.0 +
@@ -0,0 +1,36 @@
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?=
+Date: Wed, 1 Mar 2023 08:12:48 +
+Subject: Partial fix of reDos CVE-2022-21222/CVE-2021-33587: attribute
+ selector
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Per https://w3c.github.io/csswg-drafts/selectors/#attribute-selectors only = ~= |= ^= $= *= are supported.
+
+Add also != that is checked as invalid latter in order to pass testsuite.
+
+So replace \S by [~|^$*!]
+
+Signed-off-by: Bastien Roucariès
+bug-debian: https://bugs.debian.org/989264
+bug-debian: https://bugs.debian.org/1032188
+bug: https://www.cve.org/CVERecord?id=CVE-2022-21222
+bug: https://www.cve.org/CVERecord?id=CVE-2021-33587
+---
+ src/parse.ts | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/parse.ts b/src/parse.ts
+index 677a029..628561b 100644
+--- a/src/parse.ts
b/src/parse.ts
+@@ -81,7 +81,7 @@ export type TraversalType =
+ const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\u])+/;
+ const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
+ // Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
+-const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:(\S?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
++const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
+
+ const actionTypes: { [key: string]: AttributeAction } = {
+ undefined: "exists",
diff -Nru node-css-what-4.0.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch node-css-what-4.0.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch
--- node-css-what-4.0.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch 1970-01-01 00:00:00.0 +
+++ node-css-what-4.0.0/debian/patches/0002-Partial-fix-of-ReDos-CVE-2022-21222-CVE-2021-33587-t.patch 2023-03-01 13:47:23.0 +
@@ -0,0 +1,55 @@
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?=
+Date: Wed, 1 Mar 2023 10:10:47 +
+Subject: Partial fix of ReDos CVE-2022-21222/CVE-2021-33587: trim string
+MIME-Version: 1.0
+Content-Type: text/plain; charset="utf-8"
+Content-Transfer-Encoding: 8bit
+
+Trim left the string avoiding a \s* at the beginning of the string, thus avoiding part of complexity.
+
+bug-debian: https://bugs.debian.org/989264
+bug-debian: https://bugs.debian.org/1032188
+bug: https://www.cve.org/CVERecord?id=CVE-2022-21222
+bug: https://www.cve.org/CVERecord?id=CVE-2021-33587
+Signed-off-by: Bastien Roucariès
+---
+ src/parse.ts | 11 ---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/parse.ts b/src/parse.ts
+index 628561b..ad11230 100644
+--- a/src/parse.ts
b/src/parse.ts
+@@ -81,7 +81,7 @@ export type TraversalType =
+ const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\u])+/;
+ const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
+ // Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
+-const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
++const reAttr = /^(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
+
+ const actionTypes: { [key: string]: AttributeAction } = {
+ undefined: "exists",
+@@ -263,8
Processed: found 1032186 in 1.20220830+ds-1
Processing commands for cont...@bugs.debian.org: > # Sorry, forgot to copy over the version into the bug report > found 1032186 1.20220830+ds-1 Bug #1032186 [raspi-firmware] raspi-firmware: Can make removing a kernel image fail and causing "apt upgrade" to fail early, too Marked as found in versions raspi-firmware/1.20220830+ds-1. > thanks Stopping processing here. Please contact me if you need assistance. -- 1032186: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032186 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Processed: retitle 1032188 to node-css-what: CVE-2022-21222
Processing commands for cont...@bugs.debian.org:
> retitle 1032188 node-css-what: CVE-2022-21222
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222/CVE-2021-33587
Changed Bug title to 'node-css-what: CVE-2022-21222' from 'node-css-what:
CVE-2022-21222/CVE-2021-33587'.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1032188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: notfixed 1032188 in 5.0.1, fixed 1032188 in 5.0.1-1, tagging 1032188
Processing commands for cont...@bugs.debian.org:
> notfixed 1032188 5.0.1
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222/CVE-2021-33587
There is no source info for the package 'node-css-what' at version '5.0.1' with
architecture ''
Unable to make a source version for version '5.0.1'
No longer marked as fixed in versions 5.0.1.
> fixed 1032188 5.0.1-1
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222/CVE-2021-33587
Marked as fixed in versions node-css-what/5.0.1-1.
> tags 1032188 + upstream fixed-upstream
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222/CVE-2021-33587
Added tag(s) upstream and fixed-upstream.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1032188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: found 1032188 in 4.0.0-3
Processing commands for cont...@bugs.debian.org:
> found 1032188 4.0.0-3
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222/CVE-2021-33587
Ignoring request to alter found versions of bug #1032188 to the same values
previously set
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1032188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: found 1032188 in 2.1.0-1
Processing commands for cont...@bugs.debian.org:
> found 1032188 2.1.0-1
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222/CVE-2021-33587
Marked as found in versions node-css-what/2.1.0-1.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1032188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1030284: [Pkg-javascript-devel] Bug#1030284: nodejs: [arm64] RangeError: Maximum call stack size exceeded
Le mer. 1 mars 2023 à 14:39, James Addison a écrit : > If reproducible: would this bug be a good candidate for upload of a > fix to 'experimental' so that it can be alpha-tested by others? > Sure. For now I'm unlucky with the porterbox, because /var/run/schroot disappeared yesterday. Notified debian-admin. Jérémy
Bug#1030284: [Pkg-javascript-devel] Bug#1030284: nodejs: [arm64] RangeError: Maximum call stack size exceeded
If reproducible: would this bug be a good candidate for upload of a fix to 'experimental' so that it can be alpha-tested by others? On Wed, 1 Mar 2023 at 02:55, Jérémy Lal wrote: > > > > Le mer. 1 mars 2023 à 02:30, Thorsten Glaser a écrit : >> >> Jérémy Lal dixit: >> >> >I can build nodejs on amhdal.debian.org if you're not comfortable with that. >> >> The problem with the DSA porterboxen is that you cannot install your own >> built packages in the chroot to use them there… unless there’s a >> solution not yet known to me? > > > Indeed, but the binary can be run from build dir, so I just need to try and > reproduce the bug from there. >
Bug#1032198: wapiti fails to start with Python 3.11
Package: wapiti
Version: 3.0.4+dfsg-1
Severity: grave
Justification: renders package unusable
User: de...@kali.org
Usertags: origin-kali
X-Debbugs-Cc: sop...@offensive-security.com
Hello
Wapiti fails to start with
Traceback (most recent call last):
File "/usr/bin/wapiti", line 33, in
sys.exit(load_entry_point('wapiti3==3.0.4', 'console_scripts', 'wapiti')())
^^^
File "/usr/bin/wapiti", line 25, in importlib_load_entry_point
return next(matches).load()
File "/usr/lib/python3.11/importlib/metadata/__init__.py", line 202, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.11/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "", line 1206, in _gcd_import
File "", line 1178, in _find_and_load
File "", line 1149, in _find_and_load_unlocked
File "", line 690, in _load_unlocked
File "", line 940, in exec_module
File "", line 241, in _call_with_frames_removed
File "/usr/lib/python3/dist-packages/wapitiCore/main/wapiti.py", line 41, in
from wapitiCore.language.language import _
File "/usr/lib/python3/dist-packages/wapitiCore/language/language.py", line
62, in
lan = gettext.translation(
TypeError: translation() got an unexpected keyword argument 'codeset'
It is caused by a change in Python 3.11
The latest upstream release no longer contains this code. But we
can't update the package now because of the freeze.
The code can be patched easily to get rid of this issue, but I don't know if
there are any other issues with Python 3.11
This issue has first been reported here:
https://bugs.kali.org/view.php?id=8197
Regards,
-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-6-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages wapiti depends on:
ii libjs-jquery3.6.1+dfsg+~3.5.14-1
ii python3 3.11.2-1
ii python3-bs4 4.11.2-1
ii python3-importlib-metadata 4.12.0-1
ii python3-mako1.2.4+ds-1
ii python3-markupsafe 2.1.2-1+b1
ii python3-requests2.28.1+dfsg-1
ii python3-six 1.16.0-4
ii python3-socks 1.7.1+dfsg-1
ii python3-tld 0.11.11-4
ii python3-yaswfp 0.9.3-2
wapiti recommends no packages.
wapiti suggests no packages.
-- no debconf information
-- debsums errors found:
debsums: changed file
/usr/lib/python3/dist-packages/wapitiCore/language/language.py (from wapiti
package)
Processed: notfixed 1032188 in 2.1.0-1
Processing commands for cont...@bugs.debian.org:
> notfixed 1032188 2.1.0-1
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222/CVE-2021-33587
Ignoring request to alter fixed versions of bug #1032188 to the same values
previously set
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1032188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Processed: notfixed 1032188 in 4.0.0-3
Processing commands for cont...@bugs.debian.org:
> notfixed 1032188 4.0.0-3
Bug #1032188 {Done: Bastien ROUCARIES }
[node-css-what] node-css-what: CVE-2022-21222/CVE-2021-33587
Ignoring request to alter fixed versions of bug #1032188 to the same values
previously set
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
1032188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1032188: marked as done (node-css-what: CVE-2022-21222/CVE-2021-33587)
Your message dated Wed, 1 Mar 2023 13:23:01 +
with message-id
and subject line Closed
has caused the Debian Bug report #1032188,
regarding node-css-what: CVE-2022-21222/CVE-2021-33587
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1032188: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: node-css-what
Version: 4.0.0-3
Severity: serious
Tags: security
Justification: security
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
Find the minimal ReDoS fix for 4.0.0, checked with recheck
Bastien>From eeb1fafd26a9f09114b6f8282a9569f99d52d716 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?=
Date: Wed, 1 Mar 2023 11:45:48 +
Subject: [PATCH 5/5] Final ReDos Fix
Replace \s that could match whitespace in \u00b0-\u, by [ \t\n\r\f]* that is space according to css specification
---
src/parse.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parse.ts b/src/parse.ts
index fcae1e3..278eecf 100644
--- a/src/parse.ts
+++ b/src/parse.ts
@@ -81,7 +81,7 @@ export type TraversalType =
const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\u])+/;
const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
// Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
-const reAttr = /^(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4\s*|(#(?:\\.|[\w\u00b0-\u-])*|(?:\\.|[\w\u00b0-\u-])+)\s*|)|)([iI])?\]/;
+const reAttr = /^(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)[ \t\n\r\f]*(?:([~|^$*!]?)=[ \t\n\r\f]*(?:(['"])((?:[^\\]|\\[^])*?)\4[ \t\n\r\f]*|(#(?:\\.|[\w\u00b0-\u-])*|(?:\\.|[\w\u00b0-\u-])+)[ \t\n\r\f]*|)|)([iI])?\]/;
const actionTypes: { [key: string]: AttributeAction } = {
undefined: "exists",
--
2.39.2
>From 68319750685dc65fa63e1ef12686ca0ddae11007 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?=
Date: Wed, 1 Mar 2023 08:12:48 +
Subject: [PATCH 1/5] Partial fix of reDos
Per https://w3c.github.io/csswg-drafts/selectors/#attribute-selectors only = ~= |= ^= $= *= are supported.
Add also != that is checked as invalid latter in order to pass testsuite.
So replace \S by [~|^$*!]
---
src/parse.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parse.ts b/src/parse.ts
index 677a029..628561b 100644
--- a/src/parse.ts
+++ b/src/parse.ts
@@ -81,7 +81,7 @@ export type TraversalType =
const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\u])+/;
const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
// Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
-const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:(\S?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
+const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
const actionTypes: { [key: string]: AttributeAction } = {
undefined: "exists",
--
2.39.2
>From 2d4e734ab30e8b19cdfedccc19923d2d69f40510 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?=
Date: Wed, 1 Mar 2023 10:10:47 +
Subject: [PATCH 2/5] Partial fix of ReDos
Trim left the string avoiding a \s* at the beginning of the string, thus avoiding part of complexity.
---
src/parse.ts | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/parse.ts b/src/parse.ts
index 628561b..ad11230 100644
--- a/src/parse.ts
+++ b/src/parse.ts
@@ -81,7 +81,7 @@ export type TraversalType =
const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\u])+/;
const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
// Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
-const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
+const reAttr = /^(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
const actionTypes: { [key: string]: AttributeAction } = {
undefined: "exists",
@@ -263,8 +263,13 @@ function parseSelector(
namespace: null,
});
} else if (firstChar === "[") {
+ const wmatch = selector
+ .slice(selectorIndex + 1)
+ .match(/^\s*/);
+ const woffset = !wmatch ?
Processed: Re: ruby-net-http-persistent want Ruby (~> 2.1)
Processing control commands:
> severity -1 important
Bug #1029523 {Done: Mohammed Bilal }
[ruby-net-http-persistent] ruby-net-http-persistent want Ruby (~> 2.1)
Severity set to 'important' from 'grave'
--
1029523: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029523
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#1029523: ruby-net-http-persistent want Ruby (~> 2.1)
Control: severity -1 important On Thu, 23 Feb 2023 21:33:31 +0100 Paul Gevers wrote: > Hi, > > On Tue, 24 Jan 2023 00:21:06 +0530 Pirate Praveen > wrote: > > net-http-persistent (~> 3.0, >= 3.0.0) was resolved to 3.1.0, > > which depends on > > Ruby (~> 2.1) > > This doesn't seem to be an issue on reproducible builds [1] when > building ruby-faraday. Does that make sense? Only bundler or rubygems checks this dependency requirement. It might just work fine on ruby 3.1. For now the easiest fix was to update to 4.0 (for gitlab, where this bug appeared - in gitlab postinst, we use bundle install --local to verify all dependency requirements are satisfied), in which upstream has removed this constraint. May be we can ignore it for now (lowered the severity, as gitlab is not in bookworm).
Processed: closing 1031624
Processing commands for cont...@bugs.debian.org: > close 1031624 Bug #1031624 [gawk-doc] gawk-doc: Keep out of testing until gawk migrates Marked Bug as done > thanks Stopping processing here. Please contact me if you need assistance. -- 1031624: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031624 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032190: Don't release with bookworm
Source: golang-github-jesseduffield-yaml Version: 2.2.2+git20190702.b900b7e-3 Severity: serious X-Debbugs-Cc: z...@debian.org Fork of golang-gopkg-yaml.v2, golang-gopkg-yaml.v3. No new development in https://github.com/jesseduffield/yaml since 2019. No reverse-depends.
Bug#1032188: node-css-what: CVE-2022-21222/CVE-2021-33587
Package: node-css-what
Version: 4.0.0-3
Severity: serious
Tags: security
Justification: security
X-Debbugs-Cc: Debian Security Team
Dear Maintainer,
Find the minimal ReDoS fix for 4.0.0, checked with recheck
Bastien>From eeb1fafd26a9f09114b6f8282a9569f99d52d716 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?=
Date: Wed, 1 Mar 2023 11:45:48 +
Subject: [PATCH 5/5] Final ReDos Fix
Replace \s that could match whitespace in \u00b0-\u, by [ \t\n\r\f]* that is space according to css specification
---
src/parse.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parse.ts b/src/parse.ts
index fcae1e3..278eecf 100644
--- a/src/parse.ts
+++ b/src/parse.ts
@@ -81,7 +81,7 @@ export type TraversalType =
const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\u])+/;
const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
// Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
-const reAttr = /^(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4\s*|(#(?:\\.|[\w\u00b0-\u-])*|(?:\\.|[\w\u00b0-\u-])+)\s*|)|)([iI])?\]/;
+const reAttr = /^(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)[ \t\n\r\f]*(?:([~|^$*!]?)=[ \t\n\r\f]*(?:(['"])((?:[^\\]|\\[^])*?)\4[ \t\n\r\f]*|(#(?:\\.|[\w\u00b0-\u-])*|(?:\\.|[\w\u00b0-\u-])+)[ \t\n\r\f]*|)|)([iI])?\]/;
const actionTypes: { [key: string]: AttributeAction } = {
undefined: "exists",
--
2.39.2
>From 68319750685dc65fa63e1ef12686ca0ddae11007 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?=
Date: Wed, 1 Mar 2023 08:12:48 +
Subject: [PATCH 1/5] Partial fix of reDos
Per https://w3c.github.io/csswg-drafts/selectors/#attribute-selectors only = ~= |= ^= $= *= are supported.
Add also != that is checked as invalid latter in order to pass testsuite.
So replace \S by [~|^$*!]
---
src/parse.ts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parse.ts b/src/parse.ts
index 677a029..628561b 100644
--- a/src/parse.ts
+++ b/src/parse.ts
@@ -81,7 +81,7 @@ export type TraversalType =
const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\u])+/;
const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
// Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
-const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:(\S?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
+const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
const actionTypes: { [key: string]: AttributeAction } = {
undefined: "exists",
--
2.39.2
>From 2d4e734ab30e8b19cdfedccc19923d2d69f40510 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?=
Date: Wed, 1 Mar 2023 10:10:47 +
Subject: [PATCH 2/5] Partial fix of ReDos
Trim left the string avoiding a \s* at the beginning of the string, thus avoiding part of complexity.
---
src/parse.ts | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/parse.ts b/src/parse.ts
index 628561b..ad11230 100644
--- a/src/parse.ts
+++ b/src/parse.ts
@@ -81,7 +81,7 @@ export type TraversalType =
const reName = /^[^\\#]?(?:\\(?:[\da-f]{1,6}\s?|.)|[\w\-\u00b0-\u])+/;
const reEscape = /\\([\da-f]{1,6}\s?|(\s)|.)/gi;
// Modified version of https://github.com/jquery/sizzle/blob/master/src/sizzle.js#L87
-const reAttr = /^\s*(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
+const reAttr = /^(?:(\*|[-\w]*)\|)?((?:\\.|[\w\u00b0-\u-])+)\s*(?:([~|^$*!]?)=\s*(?:(['"])((?:[^\\]|\\[^])*?)\4|(#?(?:\\.|[\w\u00b0-\u-])*)|)|)\s*([iI])?\]/;
const actionTypes: { [key: string]: AttributeAction } = {
undefined: "exists",
@@ -263,8 +263,13 @@ function parseSelector(
namespace: null,
});
} else if (firstChar === "[") {
+ const wmatch = selector
+ .slice(selectorIndex + 1)
+ .match(/^\s*/);
+ const woffset = !wmatch ? 0 : wmatch[0].length;
+
const attributeMatch = selector
-.slice(selectorIndex + 1)
+.slice(selectorIndex + 1 + woffset)
.match(reAttr);
if (!attributeMatch) {
@@ -286,7 +291,7 @@ function parseSelector(
ignoreCase,
] = attributeMatch;
-selectorIndex += completeSelector.length + 1;
+selectorIndex += completeSelector.length + 1 + woffset;
let name = unescapeCSS(baseName);
if (options.lowerCaseAttributeNames ?? !options.xmlMode) {
--
2.39.2
>From 05ff66f7eb1533866713de590fdc26e779db8516 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?=
Date: Wed, 1 Mar
Bug#1032186: raspi-firmware: Can make removing a kernel image fail and causing "apt upgrade" to fail early, too
Package: raspi-firmware
Severity: serious
Tags: patch
Hi,
if /boot/firmware is (nearly) full, raspi-firmware prevents (!)
uninstalling a kernel image, because it still insists on copying stuff
to /boot/firmware upon kernel image removal.
An additional condition might be that another kernel image is present
and not fully configured for the same reason (not enough
diskspace). It's unlcear for me, if this additional condition is
required for this issue to reproduce.
In general you can run into such an issue within months if you have
automatic updates enabled and don't clear up old kernels
automatically. (And yes, in my case the VFAT partition is rather small
as this is a very old installation.
# df -h /boot/firmware/
Filesystem Size Used Avail Use% Mounted on
/dev/mmcblk0p1 121M 121M 2.0K 100% /boot/firmware
# dpkg --purge linux-image-6.1.0-1-armmp-lpae
(Reading database ... 350731 files and directories currently installed.)
Removing linux-image-6.1.0-1-armmp-lpae (6.1.4-1) ...
/etc/kernel/postrm.d/initramfs-tools:
update-initramfs: Deleting /boot/initrd.img-6.1.0-1-armmp-lpae
/etc/kernel/postrm.d/z50-raspi-firmware:
cp: error writing '/boot/firmware/vmlinuz-6.1.0-2-armmp-lpae': No space left
on device
run-parts: /etc/kernel/postrm.d/z50-raspi-firmware exited with return code 1
dpkg: error processing package linux-image-6.1.0-1-armmp-lpae (--purge):
installed linux-image-6.1.0-1-armmp-lpae package post-removal script
subprocess returned error exit status 1
Errors were encountered while processing:
linux-image-6.1.0-1-armmp-lpae
# ls -l /boot/firmware/{initrd.img,vmlinuz}-*
-rwxr-xr-x 1 root root 25319457 Oct 13 08:32
/boot/firmware/initrd.img-5.19.0-2-armmp-lpae
-rwxr-xr-x 1 root root 25268327 Dec 7 08:29
/boot/firmware/initrd.img-6.0.0-5-armmp-lpae
-rwxr-xr-x 1 root root 25266000 Jan 18 08:21
/boot/firmware/initrd.img-6.0.0-6-armmp-lpae
-rwxr-xr-x 1 root root 5210624 Oct 24 00:52
/boot/firmware/vmlinuz-5.19.0-2-armmp-lpae
-rwxr-xr-x 1 root root 5267968 Dec 7 08:29
/boot/firmware/vmlinuz-6.0.0-5-armmp-lpae
-rwxr-xr-x 1 root root 5267968 Dec 27 08:05
/boot/firmware/vmlinuz-6.0.0-6-armmp-lpae
-rwxr-xr-x 1 root root 5370368 Jan 18 08:21
/boot/firmware/vmlinuz-6.1.0-1-armmp-lpae
-rwxr-xr-x 1 root root 3817472 Mar 1 05:31
/boot/firmware/vmlinuz-6.1.0-2-armmp-lpae
# dpkg --audit
The following packages have been unpacked but not yet configured.
They must be configured using dpkg --configure or the configure
menu option in dselect for them to work:
linux-headers-armmp-lpae Header files for Linux armmp-lpae configuration
(meta
linux-image-armmp-lpae Linux for ARMv7 multiplatform compatible SoCs
supportin
The following packages are only half configured, probably due to problems
configuring them the first time. The configuration should be retried using
dpkg --configure or the configure menu option in dselect:
initramfs-tools generic modular initramfs generator (automation)
linux-headers-6.1.0-2-armmp-lpae Header files for Linux 6.1.0-2-armmp-lpae
linux-image-6.1.0-2-armmp-lpae Linux 6.1 for ARMv7 multiplatform compatible
So
raspi-firmware Raspberry Pi family GPU firmware and bootloaders
The following packages are only half installed, due to problems during
installation. The installation can probably be completed by retrying it;
the packages can be removed using dselect or dpkg --remove:
linux-image-6.1.0-1-armmp-lpae Linux 6.1 for ARMv7 multiplatform compatible
So
In the end, this also causes apt to abort rather early and not upgrade
or install anything anymore since then. This is also the reason why only
outdated kernel are (partially) installed.
So please stop copying stuff to /boot/firmware on kernel image removal
or purging. There will be an occasion for that at a later time anyway.
A patch (without the proper indentation probably wanted for readability)
which seems to have helped for me:
diff --git a/kernel/postinst.d/z50-raspi-firmware
b/kernel/postinst.d/z50-raspi-firmware
index 1d3ae16..d898847 100755
--- a/kernel/postinst.d/z50-raspi-firmware
+++ b/kernel/postinst.d/z50-raspi-firmware
@@ -115,6 +115,7 @@ else
dtb_path="/usr/lib/linux-image-${latest_kernel#/boot/vmlinuz-}"
fi
+if [ "$1" != "remove" ]; then
if [ "$KERNEL" = "auto" ] ; then
for dtb in "${dtb_path}"/bcm*.dtb; do
[ -e "${dtb}" ] || continue
@@ -128,6 +129,7 @@ if [ "$KERNEL" = "auto" ] ; then
cp "$latest_kernel" /boot/firmware/
cp "$latest_initrd" /boot/firmware/
fi
+fi
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'),
(500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1,
'buildd-experimental')
merged-usr: no
Architecture: armhf
Kernel: Linux 6.0.0-5-armmp-lpae (SMP)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Bug#994758: Bug#1031927: Handling the libsgutils2-2 #994758 bookworm-ignore
On Wed, Mar 01, 2023 at 08:07:09AM +, Jonathan McDowell wrote: > On Mon, Feb 27, 2023 at 09:11:46PM +0100, Paul Gevers wrote: > > On 25-02-2023 14:30, Adrian Bunk wrote: > > > With the bookworm-ignore for #994758, > > > > I'll admit that I misjudged that bug; with this message I'll clear the > > bookworm-ignore tag. > > > > > bullseye and bookworm > > > will ship libsgutils2-2 packages with different so-name. > > > > Although the transition freeze has started long time ago, it seems that > > doing a proper transition is the best way to fix this issue. If somebody is > > up to the task to prepare the upload, we can ask ftp-master to process the > > upload swiftly. (Please upload to experimental to avoid the ftp-master from > > rejecting the package immediately and to enable reviewing if that's not done > > before the upload.) > > This does not look overly hard and I have some familiarity with the > package having uploaded in the past. If no one else is already looking > at it I'll aim to have a version with a libsgutils2-1.46 library package > uploaded to experimental by the end of today. Now sitting in NEW for experimental: https://ftp-master.debian.org/new/sg3-utils_1.46-2.html I have confirmed: * It will not co-exist with the libsgutils2-2 package in bookworm (thanks to the versioned breaks/replaces) * It will co-exist with the libsgutils2-2 package in bullseye (which is 1.45-1 and has no overlapping files) * Operation of the sg3-utils package with this new build It turns out I do not have access to the salsa git repo at present, but I've requested it and will push the changes there when it is granted. J. -- No one told you when to run, you missed the starting gun. This .sig brought to you by the letter L and the number 39 Product of the Republic of HuggieTag signature.asc Description: PGP signature
Bug#1019641: marked as done (ruby-omniauth-auth0: FTBFS: ERROR: Test "ruby3.0" failed: Failure/Error: expect(last_response.status).to eq(302))
Your message dated Wed, 01 Mar 2023 11:23:11 + with message-id and subject line Bug#1019641: fixed in ruby-omniauth-auth0 3.1.0-1 has caused the Debian Bug report #1019641, regarding ruby-omniauth-auth0: FTBFS: ERROR: Test "ruby3.0" failed: Failure/Error: expect(last_response.status).to eq(302) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1019641: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019641 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: ruby-omniauth-auth0 Version: 2.0.0-1 Severity: important Justification: FTBFS Tags: bookworm sid ftbfs User: debian-r...@lists.debian.org Usertags: ruby3.1 Hi, We are about to start the ruby3.1 transition in unstable. While trying to rebuild ruby-omniauth-auth0 with ruby3.1 enabled, the build failed. However, this failure does not look related to ruby3.1 Relevant part of the build log (hopefully): > Failure/Error: expect(last_response.status).to eq(302) > >expected: 302 > got: 404 > >(compared using ==) > # ./spec/omniauth/strategies/auth0_spec.rb:254:in `block (3 levels) in > ' > > Finished in 0.07222 seconds (files took 0.45401 seconds to load) > 23 examples, 4 failures > > Failed examples: > > rspec ./spec/omniauth/strategies/auth0_spec.rb:72 # > OmniAuth::Strategies::Auth0 oauth redirects to hosted login page > rspec ./spec/omniauth/strategies/auth0_spec.rb:235 # > OmniAuth::Strategies::Auth0 error_handling fails when missing client_id > rspec ./spec/omniauth/strategies/auth0_spec.rb:243 # > OmniAuth::Strategies::Auth0 error_handling fails when missing client_secret > rspec ./spec/omniauth/strategies/auth0_spec.rb:251 # > OmniAuth::Strategies::Auth0 error_handling fails when missing domain > > /usr/bin/ruby3.0 > -I/usr/share/rubygems-integration/all/gems/rspec-support-3.10.3/lib:/usr/share/rubygems-integration/all/gems/rspec-core-3.10.1/lib > /usr/share/rubygems-integration/all/gems/rspec-core-3.10.1/exe/rspec > --pattern ./spec/\*\*/\*_spec.rb --format documentation failed > ERROR: Test "ruby3.0" failed: The full build log is available from: https://people.debian.org/~terceiro/ruby3.1/17/ruby-omniauth-auth0/ruby-omniauth-auth0_2.0.0-1+rebuild1663007865_amd64-2022-09-12T18:37:46Z.build If you fail to reproduce, please provide a build log and diff it with mine so that we can identify if something relevant changed in the meantime. A list of current common problems and possible solutions is available at http://wiki.debian.org/qa.debian.org/FTBFS . You're welcome to contribute! If you reassign this bug to another package, please marking it as 'affects'-ing this package. See https://www.debian.org/Bugs/server-control#affects signature.asc Description: PGP signature --- End Message --- --- Begin Message --- Source: ruby-omniauth-auth0 Source-Version: 3.1.0-1 Done: Pirate Praveen We believe that the bug you reported is fixed in the latest version of ruby-omniauth-auth0, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1019...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Pirate Praveen (supplier of updated ruby-omniauth-auth0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 01 Mar 2023 16:29:09 +0530 Source: ruby-omniauth-auth0 Architecture: source Version: 3.1.0-1 Distribution: experimental Urgency: medium Maintainer: Debian Ruby Team Changed-By: Pirate Praveen Closes: 1019641 Changes: ruby-omniauth-auth0 (3.1.0-1) experimental; urgency=medium . [ Utkarsh Gupta ] * Add salsa-ci.yml . [ Debian Janitor ] * Trim trailing whitespace. * Use secure copyright file specification URI. * Use secure URI in debian/watch. * Bump debhelper from old 11 to 12. * Set debhelper-compat version in Build-Depends. * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, Repository-Browse. * Remove constraints unnecessary since buster: + Build-Depends: Drop versioned constraint on ruby-omniauth-oauth2. + ruby-omniauth-auth0: Drop versioned constraint on ruby-omniauth-oauth2 in Depends. * Update watch
Bug#1032183: libgusb-dev: missing dependency on libjson-glib-1.0-dev
Control: tags -1 + patch
On Wed, 01 Mar 2023 at 10:52:44 +, Simon McVittie wrote:
> I'll send the obvious patch when I have a bug number.
Attached, or available from
https://salsa.debian.org/efi-team/libgusb/-/merge_requests/6
smcv
>From 0b82db8fc0333e9d16e3e0eb9c7fa77b6d47f34c Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Wed, 1 Mar 2023 10:25:00 +
Subject: [PATCH 1/2] Add a superficial autopkgtest for libgusb-dev
This checks whether the -dev package has all the required dependencies
to link a simple program with libgusb.
Reproduces: #1032183
Signed-off-by: Simon McVittie
---
debian/tests/control | 5 +
debian/tests/libgusb-dev | 46
2 files changed, 51 insertions(+)
create mode 100644 debian/tests/control
create mode 100755 debian/tests/libgusb-dev
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 000..2a91858
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,5 @@
+Tests: libgusb-dev
+Restrictions: allow-stderr, superficial
+Depends:
+ build-essential,
+ libgusb-dev,
diff --git a/debian/tests/libgusb-dev b/debian/tests/libgusb-dev
new file mode 100755
index 000..22bec3f
--- /dev/null
+++ b/debian/tests/libgusb-dev
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Copyright 2023 Simon McVittie
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+set -eux
+
+if [ -n "${AUTOPKGTEST_ARTIFACTS-}" ]; then
+WORKDIR="$AUTOPKGTEST_ARTIFACTS"
+else
+WORKDIR="$(mktemp -d)"
+trap 'cd /; rm -fr "$WORKDIR"' 0 INT QUIT ABRT PIPE TERM
+fi
+
+if [ -n "${DEB_HOST_GNU_TYPE:-}" ]; then
+CROSS_COMPILE="$DEB_HOST_GNU_TYPE-"
+else
+CROSS_COMPILE=
+fi
+
+cat >> "$WORKDIR"/trivial.c <
+
+#include
+#include
+
+int main (int argc, char *argv[])
+{
+ GError *error = NULL;
+ GUsbContext *context = NULL;
+
+ context = g_usb_context_new ();
+
+ if (context == NULL)
+g_error ("%s", error->message);
+
+ g_object_unref (context);
+ return 0;
+}
+EOF
+
+cd "$WORKDIR"
+
+# Deliberately word-splitting pkg-config's output:
+# shellcheck disable=SC2046
+"${CROSS_COMPILE}gcc" -otrivial trivial.c $("${CROSS_COMPILE}pkg-config" --cflags --libs gusb gobject-2.0 glib-2.0)
+./trivial
--
2.39.2
>From d234a8ca7dde5c8d2b0b031270156ea4933e7724 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Wed, 1 Mar 2023 10:39:55 +
Subject: [PATCH 2/2] d/control: Add missing dependency libgusb-dev ->
libjson-glib-dev
Closes: #1032183
Signed-off-by: Simon McVittie
---
debian/control | 1 +
1 file changed, 1 insertion(+)
diff --git a/debian/control b/debian/control
index 3a1fa8d..98a8f1c 100644
--- a/debian/control
+++ b/debian/control
@@ -26,6 +26,7 @@ Depends: libgusb2 (= ${binary:Version}),
${misc:Depends},
gir1.2-gusb-1.0 (= ${binary:Version}),
libglib2.0-dev (>= 2.44.0),
+ libjson-glib-dev,
libusb-1.0-0-dev
Description: GLib wrapper around libusb1 - development files
GUsb is a GObject wrapper for libusb1 that makes it easy to do
--
2.39.2
Processed: Re: libgusb-dev: missing dependency on libjson-glib-1.0-dev
Processing control commands: > tags -1 + patch Bug #1032183 [libgusb-dev] libgusb-dev: missing dependency on libjson-glib-1.0-dev Added tag(s) patch. -- 1032183: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032183 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1032183: libgusb-dev: missing dependency on libjson-glib-1.0-dev
Package: libgusb-dev
Version: 0.4.5-1
Severity: serious
Justification: Policy 7.2
To reproduce:
* Have a minimal Debian chroot or container
* apt install libgusb-dev
* pkg-config --cflags --libs gusb
Expected result: success, compiler flags are shown
Actual result:
> + pkg-config --cflags --libs gusb gobject-2.0 glib-2.0
> Package json-glib-1.0 was not found in the pkg-config search path.
> Perhaps you should add the directory containing `json-glib-1.0.pc'
> to the PKG_CONFIG_PATH environment variable
> Package 'json-glib-1.0', required by 'gusb', not found
I'll send the obvious patch when I have a bug number.
It's easy to reproduce this class of issues with an autopkgtest like
the one added by the attached patch, and running autopkgtest before upload
can detect and prevent these missing dependencies before they reach Debian.
smcv
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'stable-security'), (500,
'oldstable-debug'), (500, 'oldoldstable'), (500, 'buildd-unstable'), (500,
'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1,
'experimental-debug'), (1, 'buildd-experimental'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 6.1.0-5-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libgusb-dev depends on:
ii gir1.2-gusb-1.0 0.4.5-1
ii libc6 2.36-8
ii libglib2.0-02.74.5-1
ii libglib2.0-dev 2.74.5-1
ii libgusb20.4.5-1
ii libjson-glib-1.0-0 1.6.6-1
ii libusb-1.0-0-dev2:1.0.26-1
libgusb-dev recommends no packages.
libgusb-dev suggests no packages.
-- no debconf information
>From e5c5697632a33b004cba3c687357f7408a591904 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Wed, 1 Mar 2023 10:25:00 +
Subject: [PATCH 1/2] Add a superficial autopkgtest for libgusb-dev
This checks whether the -dev package has all the required dependencies
to link a simple program with libgusb.
Signed-off-by: Simon McVittie
---
debian/tests/control | 5 +
debian/tests/libgusb-dev | 46
2 files changed, 51 insertions(+)
create mode 100644 debian/tests/control
create mode 100755 debian/tests/libgusb-dev
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 000..2a91858
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,5 @@
+Tests: libgusb-dev
+Restrictions: allow-stderr, superficial
+Depends:
+ build-essential,
+ libgusb-dev,
diff --git a/debian/tests/libgusb-dev b/debian/tests/libgusb-dev
new file mode 100755
index 000..22bec3f
--- /dev/null
+++ b/debian/tests/libgusb-dev
@@ -0,0 +1,46 @@
+#!/bin/sh
+# Copyright 2023 Simon McVittie
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+set -eux
+
+if [ -n "${AUTOPKGTEST_ARTIFACTS-}" ]; then
+WORKDIR="$AUTOPKGTEST_ARTIFACTS"
+else
+WORKDIR="$(mktemp -d)"
+trap 'cd /; rm -fr "$WORKDIR"' 0 INT QUIT ABRT PIPE TERM
+fi
+
+if [ -n "${DEB_HOST_GNU_TYPE:-}" ]; then
+CROSS_COMPILE="$DEB_HOST_GNU_TYPE-"
+else
+CROSS_COMPILE=
+fi
+
+cat >> "$WORKDIR"/trivial.c <
+
+#include
+#include
+
+int main (int argc, char *argv[])
+{
+ GError *error = NULL;
+ GUsbContext *context = NULL;
+
+ context = g_usb_context_new ();
+
+ if (context == NULL)
+g_error ("%s", error->message);
+
+ g_object_unref (context);
+ return 0;
+}
+EOF
+
+cd "$WORKDIR"
+
+# Deliberately word-splitting pkg-config's output:
+# shellcheck disable=SC2046
+"${CROSS_COMPILE}gcc" -otrivial trivial.c $("${CROSS_COMPILE}pkg-config" --cflags --libs gusb gobject-2.0 glib-2.0)
+./trivial
--
2.39.2
Bug#1030638: cp -a fails to preserve ownership information on 32-bit arches
Control: tags -1 + patch On Wed, Mar 1, 2023 at 3:10 PM Shengjing Zhu wrote: > I realized there probably was no need for runtime detection after some > discussion with others. > > After all, it has already dispatched the right _time64 function. But > on i386, the only case to use _time64 function is when compiled with > D_TIME_BITS=64. > So there shouldn't be two variants of stat64 struct. It's just > fakeroot is using the wrong one. > fakeroot should compile its all time64 funcs with D_TIME_BITS=64, then > it should get the right struct. (only these _time64 parts, so be in > separate files.) > > I'm still exploring this idea, but anyone more familiar with autoconf > would be helpful! > Please see the patch https://salsa.debian.org/clint/fakeroot/-/merge_requests/22 -- Shengjing Zhu
Processed: Re: Bug#1030638: cp -a fails to preserve ownership information on 32-bit arches
Processing control commands: > tags -1 + patch Bug #1030638 [fakeroot] cp -a fails to preserve ownership information on 32-bit arches Added tag(s) patch. -- 1030638: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030638 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1030048: marked as done (pgpool2: CVE-2023-22332)
Your message dated Wed, 01 Mar 2023 10:34:14 + with message-id and subject line Bug#1030048: fixed in pgpool2 4.3.5-1 has caused the Debian Bug report #1030048, regarding pgpool2: CVE-2023-22332 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 1030048: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030048 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Source: pgpool2 X-Debbugs-CC: t...@security.debian.org Severity: grave Tags: security Hi, The following vulnerability was published for pgpool2. CVE-2023-22332[0]: | Information disclosure vulnerability exists in Pgpool-II 4.4.0 to | 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 | series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), | All versions of 3.7 series, All versions of 3.6 series, All versions | of 3.5 series, All versions of 3.4 series, and All versions of 3.3 | series. A specific database user's authentication information may be | obtained by another database user. As a result, the information stored | in the database may be altered and/or database may be suspended by a | remote attacker who successfully logged in the product with the | obtained credentials. Quoting from https://www.pgpool.net/mediawiki/index.php/Main_Page#News : (I have no idea how common that is, feel free to downgrade as necessary) -- This release contains a security fix. If following conditions are all met, the password of "wd_lifecheck_user" is exposed by "SHOW POOL STATUS" command. The command can be executed by any user who can connect to Pgpool-II. (CVE-2023-22332) • Version 3.3 or later • use_watchdog = on • wd_lifecheck_method = 'query' • A plain text password is set to wd_lifecheck_password -- If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-22332 https://www.cve.org/CVERecord?id=CVE-2023-22332 Please adjust the affected versions in the BTS as needed. --- End Message --- --- Begin Message --- Source: pgpool2 Source-Version: 4.3.5-1 Done: Christoph Berg We believe that the bug you reported is fixed in the latest version of pgpool2, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1030...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Christoph Berg (supplier of updated pgpool2 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 01 Mar 2023 11:09:35 +0100 Source: pgpool2 Architecture: source Version: 4.3.5-1 Distribution: unstable Urgency: medium Maintainer: Debian PostgreSQL Maintainers Changed-By: Christoph Berg Closes: 1030048 Changes: pgpool2 (4.3.5-1) unstable; urgency=medium . * New upstream version 4.3.5. (Closes: #1030048) . + Fixes Information disclosure vulnerability CVE-2023-22332: . A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. . * debian/pgpool2.service: Start after network.target. Checksums-Sha1: 1775469a7678ad9c3e78407703d207c76d067aa2 2645 pgpool2_4.3.5-1.dsc 9cfac112e459d3581072b110ad90bf536e2efb40 4785896 pgpool2_4.3.5.orig.tar.gz 30a77dba3c143b124c326153ad2428b9225cd9da 13764 pgpool2_4.3.5-1.debian.tar.xz Checksums-Sha256: ca45b7fad6539375f761a0c50569db8bf326f4524d6b91e9964293e4454eb496 2645 pgpool2_4.3.5-1.dsc c220bfd78da0601bc46d22b1555b0f18550c5528ce8c40d32741cefaed23e234 4785896 pgpool2_4.3.5.orig.tar.gz 5dd753a1b47e6de57cae01ad5cf7248fe099719062eaf4c99aa9536cf635bcfd 13764 pgpool2_4.3.5-1.debian.tar.xz Files: e6077ffac2d4385ea68ee527b8218ba2 2645 database optional pgpool2_4.3.5-1.dsc b2a0f3a09c9db2279224cb96a78ff0e5 4785896 database optional pgpool2_4.3.5.orig.tar.gz a9b79fac41f1b5c259139640e61fc957 13764
Bug#1030048: pgpool2: CVE-2023-22332
Re: Adrian Bunk > > CVE-2023-22332[0]: > Christoph, is there a reason why this cannot be fixed with a backport > or an upgrade to 4.3.5? Just time (and the RFH on the package that has been open since 2014 and no activity since 2016). I've just uploaded 4.3.5 to unstable. Thanks for the poke, Christoph
Bug#1030048: marked as pending in pgpool2
Control: tag -1 pending Hello, Bug #1030048 in pgpool2 reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at: https://salsa.debian.org/postgresql/pgpool2/-/commit/0533b06b7737b73123df72209680ae0400d12a8d New upstream version 4.3.5. (Closes: #1030048) + Fixes Information disclosure vulnerability CVE-2023-22332: A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials. (this message was generated automatically) -- Greetings https://bugs.debian.org/1030048
Processed: Bug#1030048 marked as pending in pgpool2
Processing control commands: > tag -1 pending Bug #1030048 [src:pgpool2] pgpool2: CVE-2023-22332 Added tag(s) pending. -- 1030048: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030048 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#977027: rhino breaks dojo autopkgtest: Cannot set property "dojo" of null to "[object Object]"
Hi tony, [...] > I'm not able to reproduce the autopkgtest failure locally running in > clean sid chroots. First, I build the dojo source package and ran the > autopkgtest against those binaries. When that didn't fail, I pulled the > binary packages from the archive and ran the autopkgtest against those. > Again, no failures. > > I see the autopkgtest failure when I run against a bookworm chroot. > > So it seems like the migration of rhino will resolve the test failure. > (Or I'm missing something fundamental.) Strange. I downloaded the source package and ran the autopkgtests manually. I symlinked js.jar and shrinksafe.jar into util/shrinksafe and then I executed the runner.sh script. I got the same error message "Cannot set property "dojo" of null to "[object Object]". Anyway, are the autopkgtests really useful if they prevent rhino from migration to testing every time we update the package, even if everything works as expected? The same tests already run at build time. signature.asc Description: This is a digitally signed message part
Bug#994758: Bug#1031927: Handling the libsgutils2-2 #994758 bookworm-ignore
On Mon, Feb 27, 2023 at 09:11:46PM +0100, Paul Gevers wrote: > Control: tags 994758 - bookworm-ignore > > Hi Adrian, > > Thanks for caring. > > On 25-02-2023 14:30, Adrian Bunk wrote: > > With the bookworm-ignore for #994758, > > I'll admit that I misjudged that bug; with this message I'll clear the > bookworm-ignore tag. > > > bullseye and bookworm > > will ship libsgutils2-2 packages with different so-name. > > Although the transition freeze has started long time ago, it seems that > doing a proper transition is the best way to fix this issue. If somebody is > up to the task to prepare the upload, we can ask ftp-master to process the > upload swiftly. (Please upload to experimental to avoid the ftp-master from > rejecting the package immediately and to enable reviewing if that's not done > before the upload.) This does not look overly hard and I have some familiarity with the package having uploaded in the past. If no one else is already looking at it I'll aim to have a version with a libsgutils2-1.46 library package uploaded to experimental by the end of today. J. -- /-\ | If at first you don't succeed, |@/ Debian GNU/Linux Developer | create an "NT" version. \- | signature.asc Description: PGP signature
